"Security researchers have published a zero-day exploit for Internet Explorer this week that allows remote code execution on most variants of Windows. The vulnerability targeted by the exploit was originally announced in May as a stability issue resulting in the browser closing. "So, a DoS vulnerability that turns out to be a remote exploit. M$ knew about it at least since May and did find the remote exploitability, but some clever hackers did. For the most part I treat DoS vulnerabilities as if they could lead to remote code execution (if they deal with memory, not the TCP SYN flood type DoS).