Secunia

Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error in the processing of data stream headers can be exploited to trigger a memory corruption.

2) An error related to a certain HTML component is caused due to the improper validation of arguments.

3) An error with the copy constructor of an unspecified DOM object can be exploited to trigger a double-free error causing a memory corruption.

4) An error exists within the processing of certain CSS style information, which can be exploited to cause a memory corruption by using a writing-mode style in combination with certain HTML tags.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution
Apply patches and then the following update:
Further details available in Customer Area

Provided and/or discovered by
1) The vendor credits SkyLined of Google Inc.
2) The vendor credits Mark Dowd, Ryan Smith, and David Dewey.
3) Two anonymous persons, reported via ZDI.
4) Sam Thomas of eshu.co.uk, reported via ZDI.

Changelog
Further details available in Customer Area

Original Advisory
Microsoft (KB974455):
http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx

Microsoft:
http://blogs.technet.com/srd/archive/2009/10/12/ms09-054.aspx
http://blogs.technet.com/msrc/archive/2009/11/02/update-released-for-ms09-054.aspx

Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-09-070/
http://www.zerodayinitiative.com/advisories/ZDI-09-071/

Deep Links
Links available in Customer Area