An anonymous reader writes "An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information."
Naturally, the source for the patch is available as well. Update: 12/19 15:06 GMT
: Sadly, the patch appears to contain a buffer overflow and some possibly-malicious code - see an analysis
and news story
, and this comment
which suggests the patch author is trying to figure out who is taking advantage of the original vulnerability. Caveat patcher.