A new Internet Explorer 0-Day attack uses a malformed Office webpage exploit to crash the IE engine.  It is being reported by SANS ISC as Chinese security firm provides very early reports on this new threat circulating in-the-wild. 


Qihoo 360 Technology, a Chinese internet security company, published a report for a new Internet Explorer zero-day exploit it has seen exploited in the wild by an (unmentioned) APT group. Qihoo 360 has reported this to Microsoft on 4/19/2018. We have no news from Microsoft.  Although the report does not contain much technical details, there is a diagram of the chain that we have translated.  It seems that the initial attack, detected by Qihoo 360, used a Microsoft Office document containing a web page. The vulnerability seems to be in the Internet Explorer engine, and could thus be exploited via any application that uses the IE engine.