A new zero-day vulnerability is being exploited in Internet Explorer to attack Syrian dissidents. The vulnerability spans all versions of IE6 through IE11 and remains unpatched at this time. The CVE for this vulnerability called Use-After-Free is here. It is expected that now that the vulnerability is disclosed, more attackers will develop exploits for the browser.
Credit goes out to FireEye for disclosing the exploit and mitigation techniques here.