"An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows,"

I actually wrote a paper 5 years ago describing this ability, long before the securityfocus hack by fluffi bunni. That paper can be found here (It's rough!).

Article Link: http://blog.washingtonpost.com/securityfix/2006/07/myspace_ad_served_adware_to_mo.html