A series flaw in Internet Explorer was held for at least three years before it was revealed at the hacking contest Pwn2Own earlier this year.
According to The Hacker News, French vulnerability management company Vupen said that the zero-day vulnerability affected versions 8, 9, 10 and 11 of Internet Explorer browser that allowed attackers to remotely bypass the IE Protected Mode sandbox.
It claimed that the flaw was discovered by the company on 12th February 2011, reported to Microsoft in March and patched in June.