The data-binding exploit is apparently capable of delivering viruses, trojans and pretty much any malware the exploiters take a fancy to delivering. This would by extension include keyloggers and website infectors.
The best advice so far is to use a non-IE browser and avoid any suspect sites….
NB: Trend Micro do NOT currently provide a protection for this issue (see last link on page).
“Internet Explorer Data Binding 0-Day Clarifications”
To clarify three common incorrect assumptions about this vulnerability:
Assumption: Only Internet Explorer 7 is vulnerable.
Correction: No, at least Internet Explorer 6 is also affected, but not by the public exploits that are currently available. According to Microsoft’s updated advisory, IE 5.01 is also affected. We have not confirmed this yet, but it seems plausible.
Assumption: The core problem is related to XML processing.
Correction: No, it’s related to data binding. Working exploits can be created nicely without using XML.
Assumption: Setting the security level to “High” for the “Internet” security zone or disabling “Active Scripting” support protects me against attacks.
Correction: Technically no. It is still possible to trigger the vulnerability. However, it does make exploitation trickier as it protects against attacks using scripting.
“IE zero day bites broader group of users”
“More on the Internet Explorer zero-day”
“Vulnerability in Internet Explorer Could Allow Remote Code Execution (961051)”
The link that Trend Micro point to at Microsoft…. (which does NOT fix the problem, just reduces the odds of infection…)