FYI...
- http://community.websense.com/blogs/...-explorer.aspx
23 Dec 2010 - "... Two different new zero-day exploits were published on December 22...
1) ... The use of built-in protections of DEP and ASLR on the Windows platform and Internet Explorer doesn't guarantee to stop the exploit. It stems from the fact that the affected DLL mscorie.dll used by Internet Explorer wasn't compiled to support ASLR - this fact allows an attacker to also bypass DEP by using ROP (return to oriented programming) and successfully exploit the system...
2) ... The second vulnerability takes advantage of the Microsoft WMI Administrative Tools ActiveX Control. Internet Explorer is vulnerable only if Microsoft WMI administrative tools is installed..."