Exploits using this vector trigger prior coverage on our CVE-2008-4844 Snort rules. Malware is surreptitiously pushed to a victim’s computer via an exploit at one time found at http://wieyou.com (most exploits are taken down within hours) The root cause for this vulnerability was found to be the incorrect handling of certain XML tags in Internet Explorer that references already freed memory in mshtml.dll. Attackers use a rarely used registry key to make sure that malicious code is run when other files are invoked.”]
Source: https://blog.talosintelligence.com/2008/12/rootkit-takes-advantage-of-ms08-078.html