Here are some of the most significant bugs from the past week in the BugBlog:
Microsoft has issued an out-of-cycle security bulletin (meaning they didn't wait for Patch Tuesday) for the VML Buffer Overrun bug in Microsoft Internet Explorer. This bug was being actively exploited by hostile web sites, and could completely take over your computer, as shown in the 9/26 and 9/20 BugBlogs. Microsoft has a patch.
There is a bug in the way that Mac OS X 10.4.x computers view JPEG2000 images. An attacker may be able to construct one of these images that can either crash the application viewing it, or run hostile code on your machine. Apple has fixed this in the Security Update 2006-006 and have also patched it in Mac OS X 10.4.8. They credit Tom Saxton of Idle Loop Software Design for finding this bug.