A remote exploit targeting fully patched IE (several versions) is available in the wild, the vulnerability is rated as critical.
VeriSign's iDefense security division reports that attack code was up for sale at prices of up to $15,000 through underground forums.
The exploit is available on http://milw0rm.com/exploits/7403
Real example of the exploit: http://milw0rm.com/sploits/2008-iesploit.tar.gz
Analysis by HD Moore:
Microsoft Official Advisory:
List of sites exploiting this vulnrability:
The exploit is spreading:
Technical Analysis of real exploit:
The big picture: