Internet Explorer 6 through 8 contain a use-after-free vulnerability in CDwnBindInfo object handling that allows remote code execution through crafted websites, exploited as a zero-day in December 2012.
RCE
Microsoft
Use After Free
Memory Corruption
NVD
GitHub
Exploit-DB
VulDB
CVSS 3.1
8.8
EPSS
91.4%
Threat
9.5