A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.