May 10, 2016
Attackers have exploited an Internet Explorer zero-day vulnerability in limited targeted attacks that affected South Korea. The exploit for the Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2016-0189) appears to have been hosted on a web page, which suggests that attackers used spear-phishing emails or watering hole attacks to compromise users.
Microsoft fixed the zero-day vulnerability in its latest Patch Tuesday release.
Attacks against CVE-2016-0189
Attackers took advantage of the CVE-2016-0189 vulnerability before Microsoft patched it. They may have distributed the exploit through a link included in a spear-phishing email or a compromised, legitimate website that redirected users to the exploit.