Zero Day Initiative Advisory 09-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when processing, in XHTML strict mode, a CSS stylesheet containing a specific combination of style directives one of which must be a 'zoom'. The fault in processing results in a memory corruption vulnerability which can be leveraged to execute arbitrary code under the context of the current user.
49b91ae6e02af8783586f7f9aa3c578036a59ad840eb44e365f5a5c15c236280