New IE Zero-Day found in Watering Hole Attack - FireEye
The memory access vulnerability is designed to work on Windows XP with IE 7 and 8, and on Windows 7. The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages. Based on our analysis, this vulnerability affects IE 7, 8, 9 and 10. This actual attack of this memory access vulnerability can be mitigated by EMET per Microsoft’s feedback.
Microsoft Security Advisories にはまだでていない。
関連
http://d.hatena.ne.jp/noushibou/20130618/1371528066
11/12 追記
IEにまた新たな脆弱性、「水飲み場型攻撃」で悪用も - ITmedia エンタープライズ
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview.
http://isc.sans.edu/diary/IE+Zero-Day+Vulnerability+Exploiting+msvcrt.dll/16985
ActiveX Control issue being addressed in Update Tuesday - MSRC