After analyzing the leaked data from last week's attack on Hacking Team (http://it.slashdot.org/story/15/07/07/1355223/hacking-team-scrambling-to-limit-damage-brought-on-by-explosive-data-leak), Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11 (http://blog.vectranetworks.com/blog/microsoft-internet-explorer-11-zero-day), which impacts the browser on both Windows 7 and Windows 8.1. The vulnerability is an exploitable use-after-free (UAF) vulnerability that occurs within a custom heap in JSCRIPT9. Since it exists within a custom heap, it can allow an attacker to bypass protections found in standard memory. Microsoft has published a patch for this vulnerability, and also patched another one pulled from the Hacking Team files (http://arstechnica.com/security/2015/07/ms-kills-critical-ie-11-bug-after-exploit-was-shopped-to-hacking-team/) by different security researchers.

http://tech.slashdot.org/story/15/07/15/0424209/critical-internet-explorer-11-vulnerability-identified-after-hacking-team-breach