Microsoft Internet Explorer does not properly handle requests to the window() object. When an HTML document references the window() object in a specially crafted manner, Internet Explorer can crash in a way that allows an attacker to execute arbitrary shell code.
Note: Proof of concept code is publicly available.
Be careful when you click a link; otherwise, you may be owned. This is a very critical vulnerability of IE. PoC is already available, and so is the shell code. Infocon has been turned into yellow for about a day due to this.
At the same time, exploiting this flaw seems to be way too simple. Address is already published, and a code injection vector can be put quite simply.