Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems.
A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags, resulting in accessing of memory space of a deleted object.
Apply one of the workarounds suggested in Microsoft Security Advisory 961051.
Exploit works on Internet Explorer 7 and requires a user to load the exploit page.
The reliability of this exploit may depend upon the system's memory state.