Buffer overflow in Internet Explorer vgx.dll (VML flaw)
Causes a denial-of-service (crash) and can allow remote access
In response Microsoft has issued a rare, out-of-cycle patch. Microsoft traditionally issues new security patches on the second Tuesday of each month so that system administrators have time to test the patch before rolling it out to desktops on a network. But because details on how to make an exploit for this Internet Explorer have been posted on the Internet and because various third-party security vendors have issued their own patches, Microsoft rushed this patch.