Microsoft Internet Explorer CSS Handling Code Execution Vulnerability
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6
More info: http://www.vupen.com
See also IE6 and IE7 0-Day Reported