A zero-day remote code execution (RCE) vulnerability has been reported by Google and Qihoo 360. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Microsoft says they are aware of “limited targeted attacks”” targeting this vulnerability. No patch exists for this issue so far
Source: security