Hi-tech criminals have long known that they can exploit IE's memory management to inject their own malicious code into the stream of instructions a computer processes as a browser is being used.

BBC: Microsoft warns on IE browser bug

For cross-site scripting, which allows an attacker to inject his or her own code into a website, 75% of government-written applications were vulnerable, compared with 67% in the finance industry and 55% of commercial software.

FORBES: Study Confirms The Government Produces The Buggiest Software