As the day draws to a close on December 16, 2008, Microsoft issued an advance out-of-band security advisory, #961051, and an emergency patch to follow the next day.
The vulnerability behind this advisory is a critical remote-code-execution vulnerability within Internet Explorer (IE). All currently supported versions of IE are affected. The vulnerability is related to an invalid pointer used in the data binding element within IE’s code base. This vulnerability allows remote execution of arbitrary code. If a vulnerable browser visits a malicious Web site, this Web site can instruct the browser to execute arbitrary code with the same privilege as the user itself.