patch will come in hours(at least i believe so).
many people(paul of greyhats and mike, sandblad of secunia and shreddersub7) already provided proof-of-concept remote-code-execution exploit for winxp-sp2-uptodate Internet Explorer.
the problem is: their code is simply not applicable in real attack. so i made this:
http://0daymon.org/monitor/injecthh-op-2/dir/injecthh_op_2-code_by_liudieyu
http://0daymon.org/monitor/injecthh-op-2/dir.zip
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html