Zero day, no patch.Description:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.
Successful exploitation allows execution of arbitrary code.
NOTE: Reportedly, the vulnerability is currently being actively exploited.
The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.