Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents.
A use-after-free vulnerability exists in Microsoft's Internet Explorer layout engine (in mshtml.dll) when handling extra-large values for the layout-grid-char property. The resultant memory corruption can be exploited by a remote, unauthenticated attacker to execute arbitrary code in the context of the currently logged in user.
Apply a patch as described in Microsoft Security Bulletin MS11-050.
Exploit works on Internet Explorer 8 on Microsoft Windows SP3 English with security update KB959426, and requires a user to open the exploit page in Internet Explorer.