Hi-tech criminals have long known that they can exploit IE's memory management to inject their own malicious code into the stream of instructions a computer processes as a browser is being used.

BBC: Microsoft warns on IE browser bug