C S Shyam Sundar's Weblog

The “createTextRange()” Exploit in Action

Posted by: Shyam Sundar on: April 19, 2006

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer that can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the processing of the "createTextRange()" method call applied to a radio button control. This can be exploited by, e.g., a malicious web site to corrupt memory in a way that allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

NOTE: Exploit code is publicly available.
Alas, Sunbelt Software, creators of CounterSpy, have video footage of the createTextRange() exploit in action.

The video footage can be downloaded here. [WMV] [7.1MB]

Arun Bharartram has in-depth coverage of this exploit.
