Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation that allows remote code execution through crafted JavaScript, exploited in targeted attacks via ms-help: URL protocol.
Microsoft
RCE
NVD
Exploit-DB
VulDB
CVSS 3.1
8.8
EPSS
81.2%
Threat
9.2