Wednesday, December 10, 2008

Three Zero-Day Exploits In-the-Wild

An unpatched security vulnerability in Internet Explorer 7 is being actively exploited in the wild. The vulnerability lies in Internet Explorer’s handling of specially crafted XML tags, which can leave the browser susceptible to a heap spray attack. Successful exploitation results in the installation of a data theft trojan with autorun worm capabilities.

Exploitation of the Internet Explorer zero-day vulnerability was first observed on December 8. The vulnerability was not addressed by the "Patch Tuesday" releases from Microsoft on December 9. Active exploitation continues through the present day. Domains involved in the IE7 zero-day attacks include:

wwwwyyyyy.cn
sllwrnm5.cn
baikec.cn
oiuytr.net
hs7yue.cn
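
As an added example (not part of the original post), the following Python checks web proxy logs for requests to the domains listed above, matching on label boundaries so that subdomains are caught and lookalike names are not. The log format and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains listed in the post above.
IOC_DOMAINS = {"wwwwyyyyy.cn", "sllwrnm5.cn", "baikec.cn", "oiuytr.net", "hs7yue.cn"}

# Constructed sample lines (assumed format: timestamp client method target).
SAMPLE_LOG = """\
2008-12-09T10:02:11Z 10.0.0.21 GET http://www.baikec.cn/index.htm
2008-12-09T10:02:15Z 10.0.0.21 GET http://example.com/?ref=baikec.cn
2008-12-09T10:05:40Z 10.0.0.34 GET http://OIUYTR.net:80/a.js
2008-12-09T10:07:02Z 10.0.0.35 GET http://notbaikec.cn/
2008-12-09T10:09:33Z 10.0.0.34 CONNECT hs7yue.cn.:443
malformed line
"""

def extract_host(target):
    """Return the lowercase hostname from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host:port
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def matches_ioc(host, iocs=IOC_DOMAINS):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.split(".")
    # Compare each suffix on a label boundary, so notbaikec.cn does not match.
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def find_hits(log_text):
    """Return (timestamp, client, host) for each request to a listed domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        timestamp, client, _method, target = fields
        host = extract_host(target)
        if host and matches_ioc(host):
            hits.append((timestamp, client, host))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Matching on the parsed hostname rather than the raw line avoids false hits where a listed domain only appears in a query string.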


In addition to the IE7 zero-day exploit, two other zero-day vulnerabilities are also being reported. One involves improper memory management in MS SQL Server 2000; its discoverer released details before a patch had been made available. The flaw is alleged to be remotely exploitable via a SQL injection attack.

The third zero-day vulnerability was reported in WordPad’s text conversion feature. Microsoft Security Advisory 960906 has been released in response to the discovery. Microsoft has indicated they believe the risk of encountering the WordPad exploit is limited "as the issue has not been publicly disclosed broadly".

Reader Comments (1)

How does ScanSafe protect their customers from vulnerabilities like this? Do you block the exploit or prevent the download/install of the associated malware?

December 17, 2008 | Unregistered Commenter Query
