There's a dangerous vulnerability in Internet Explorer 6 and Internet Explorer 7 being exploited in the wild. The vulnerability affects Windows XP Service Pack 0 to Service Pack 2. Microsoft hasn't released a patch yet, but they have provided a workaround. Some people have simply recommended turning off JavaScript to mitigate this issue. However, this vulnerability is a trivial buffer overflow that makes it possible to overwrite the SEH handler. Thus, heap spraying is not required, and turning off JavaScript only mitigates attacks from less skilled attackers.
Source: https://threatpost.com/demo-exploiting-microsoft-msvidctl-directshow-flaw-070709/72821/

