Microsoft Security Advisory (2488013) Vulnerability in Internet Explorer Could Allow Remote Code Execution

How does EMET help reduce user risk with respect to this vulnerability?
Using EMET on Windows Vista and Windows 7 will help mitigate the impact of this vulnerability by forcing all dlls to opt-in to ASLR. Microsoft has seen some proof-of-concept code use advanced techniques to evade ASLR. EMET will help mitigate this vulnerability for these users. For more information see Microsoft Knowledge Base Article 2458544.


What is Address Space Layout Randomization (ASLR)?
Systems implementing Address Space Layout Randomization relocate normally-predictable function entry points pseudo-randomly in memory. Windows ASLR re-bases DLL or EXE into one of 256 random locations in memory. Therefore, attackers using hardcoded addresses are likely to "guess correctly" one in 256 times. For more information regarding ASLR, visit the TechNet magazine article, Inside the Windows Vista Kernel: Part 3.

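Since ASLR isn't available on Windows XP + IE8,

Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

is what it comes down to, I guess.
So for the time being, either use a browser other than IE, or it's high time to ditch XP.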


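Addendum, 12/24
Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution
New IE Advisory 2488013 Released - Japan Security Team
Come to think of it,

As for EMET, we plan to provide detailed information in Japanese at a later date. Stay tuned!

Investigating a New Vulnerability in Internet Explorer. Security Advisory 2458511 Released. - Japan Security Team

Still waiti... (ASCII art omitted)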