SANS are flagging a particularly nasty Internet Explorer problem:
The UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition to the PoC ‘Calculator’ exploit, a reader (thanks Chris R!) submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
As the man said – make sure you use Firefox or Opera.