HP researchers have published a zero day exploit that can be used to attack an Internet weakness Explore. The researchers published the exploit after Microsoft refused to issue a patch.
In a post on the company's blog, Dustin Childs, senior security content developer of HP, says that the move to publish the exploit can be considered "evil," but followed the policy of disclosures.
"Microsoft has confirmed to us that it does not intend to release a patch for the security breach, and we felt the need to release the information to the public," said Childs.
The bug allows an attacker to bypass the Address Space attribute layout Randomization (ASLR), which acts as one of several lines of defense in the popular browser.
The zero day exploit only affects 32-bit systems, but HP researchers said the bug still affects millions systems, even if most today are 64-bit.
Childs, who reported the error to Microsoft, said the response from the company was "technically correct." He thus punished the company's decision not to correct the error.
The HP Team even a PoC was released which demonstrates that the error exists in Windows 7 and 8.1.
