This has just become a 0-Day exploit. A PoC was released by
milw0rm.com yesterday regarding the createTextRange() vulnerability
In the mean time while this is not yet patched, you’ll need to
turn off Active Scripting, as this exploit requires scripting
technology. This should eliminate your chances of getting exploited
through this vulnerability.
Update(JJ, 24 March 2006 20:47:57)
IE is not the only browser affected by this vulnerability. I
tried it on firefox and it died same as IE.
Update(Jessie, 25 March 2006 01:13:21)
As we have predicted, whenever a Zero-day exploit with
Proof-of-Concept has been released in the internet, malicious
authors will immediately create ways to take advantage of that
We have just received a report that a malicious internet site
hosts the new IE 0-day exploit that has the same code as what
milworm and unl0ck team has posted a while ago. This time, upon
successfull exploitation, it will download and execute a malicious
file to the affected system named, updater.exe which seems to be
part of a botnet. The files are submitted to the service team and
currently udergoing detailed analysis.