Well, another zero day exploit for M$ products – this time a very nasty Internet Explorer vulnerability.
The vulnerability allows a website to exploit execution of arbitrary code. Here is the advisory from Secunia:
“The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.”
So, IE versions 5.x, 6.x, and 7.x affected. No patch. I would stop using IE personally – at least until this gets cleared up.