The malicious JavaScript in question only served the exploit code to browsers whose language was either English (U.S.), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian. Once the initial checks passed, the JavaScript proceeded to load an Adobe Flash file named “today.swf.” This file ultimately triggered a heap spray in IE and downloaded a file named “xsainfo.jpg.”

More details of the vulnerability are available at the CERT Knowledgebase ( VU#154201). Here’s the full technical description:

via Microsoft investigating new IE vulnerability used in targeted attacks, IE9 and IE10 users are safe – The Next Web.