'Zero-Day' Internet Explorer Flaw Detected

I know this is old news, since this is still being exploited...

eEye Digital Security - Vulnerability Management Solutions: "It has been discovered that an adware purveyor has leveraged two security flaws (one of which was previously undetected, a 'zero day') in Microsoft's Internet Explorer browser to surreptitiously install a toolbar on victims' computers that triggers pop-up ads.

One of the flaws lets an attacker run a program on a victim's machine, while the other enables malicious code to run with privileges higher than normally allowed. When combined, the two issues allow for the creation of a Web site that, when visited by victims can upload and install programs to the victim's computer."