Microsoft is expected to provide fixes for two zero-day vulnerabilities tomorrow, but they don't include the MHTML remote code execution flaw revealed at the end of January.
In it's advance notification
for the upcoming security bulletins, Microsoft announced that it will release two patches postponed last month.
They will cover a use-after-free vulnerability in Internet Explorer, identified as CVE-2010-3971, and originally disclosed at the beginning of December as a denial of service condition.
The flaw later proved exploitable for remote code execution and proof-of-concept attack code that bypasses DEP and ASLR protection was developed.