ABSTRACT

The Unicorn Bug, CVE-2014-6332, could be one of the oldest bugs in the computer world. On November 12, 2014, Microsoft issued a patch for a major security hole in its Windows software that it admitted had been there for 19 years. The bug allows remote code execution in Internet Explorer. Discovered by an IBM X-Force security researcher, it is significant because it is an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer users are vulnerable unless they are using patched systems. It gets worse: an attacker can use the vulnerability not only to run arbitrary code on a remote machine, but also to bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft's free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET).