The memory access vulnerability is designed to work on Windows XP with IE 7 and 8, and on Windows 7. The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages. Based on our analysis, this vulnerability affects IE 7, 8, 9 and 10. This actual attack of this memory access vulnerability can be mitigated by EMET per Microsoft’s feedback.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview.http://isc.sans.edu/diary/IE+Zero-Day+Vulnerability+Exploiting+msvcrt.dll/16985