Here we go again:
“There is a new exploit for Internet Explorer that was released by Secunia today. The exploit allows for arbitrary code execution.”
And as Lorna puts it, “its a heap overflow just waiting to happen”. It most certainly is. And what does that mean? It means that bad people have probably known about this exploit for quite some time and have already developed an exploit. They are using this exploit to compromise unsuspecting people who are using IE, most likely in large organizations who refuse to support anything other than Internet Exposure, er, Explorer. And compromise they will, installing the latest round of Spyware, Adware, and bots that will launch the next DDoS and make some hacker a hefty sum of money per month for his or her troubles.
We still don’t have a patch, and we don’t have a workaround, other than to use Firefox.