Just in time for the holidays, a new bug has been found in Internet Explorer that enables hackers to execute arbitrary code. This was first reported by McAfee:

The root cause was found to be the incorrect handling of certain XML tags in Internet Explorer 7.x that references already freed memory in the mshtml.dll.

We have confirmed this vulnerability to be affecting, at least, a fully patched Windows XP SP3 and a Vista SP1 system. The exploit uses publicly known heap-spray techniques that enable control over a vtable pointer, allowing arbitrary code execution.


This might or might not be related to the Internet Explorer patch released today; MS08-73 contains four vulnerabilities in IE6 and IE7 that might lead to remote code execution. Two of these have to do with HTML rendering; XML might be a special case of HTML rendering in IE. If they are not related, this might lead to an extra patch later this week.