Via slashdot, some enterprising individuals released a “patch” for IE's url spoofing vulnerability.  The problem is that it has some pretty nasty buffer overflow vulnerabilities itself.  While you have to respect the “if MS isn't going to do it, I'll do it myself!” attitude, you know some conversation happened like this:

User 1: St0pid M$!  Can't fix their own bugs, we'll do it ourselfs!
User 2: Right on!  M$ can't write secure code anyways, lol!!!!!!!!11oneone111!!.  We'll do it for them.
User 1: Ok, we'll take two strings of length 256 and store them into another URL of 256 characters.  What could go wrong? 
User 2: M$ sux0rs!  We r0x0r the b0x0rs.  M$ and Bill$$$$$ will pay us big bucks for our fix

Here's the offending code btw: (snipped up a bit):

char surl[256];
strcpy(surl,"http://www.openwares.org/cgi-bin/expl oit.cgi?");
char sFake[256];
char sTrue[256];

// Phil: I got rid of a big if statement
strcat(surl,sFake);
strcat(surl,"&");
strcat(surl,sTrue); 

Wow.