5 Journeyman

March 9th, 2010 16:00

UNPATCHED Internet Explorer (6 & 7) Unspecified Code Execution Vulnerability

The following was copied/pasted from http://secunia.com/advisories/38860/:

Description
A[n extremely critical "0 day"] vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified use-after-free error and can be exploited by e.g. tricking a user into viewing a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

Solution
Do not visit untrusted sites.

-----

Note: Per the Microsoft Advisory http://www.microsoft.com/technet/security/advisory/981374.mspx, this vulnerability impacts IE 6 and 7, but not (to the best of their understanding/testing) IE8.

2 Intern

March 9th, 2010 16:00

Note: Per the Microsoft Advisory http://www.microsoft.com/technet/security/advisory/981374.mspx, this vulnerability impacts IE 6 and 7, but not (to the best of their understanding/testing) IE8.

Users of IE6/IE7 might want to look at the Suggested Actions>Workarounds section.

5 Journeyman

March 10th, 2010 05:00

Joe,

Thanks for the suggestion.   Just to stress, for anyone who does so, keep in mind that a "workaround" is just a "temporary crutch", that may partially mitigate the problem... it does not actually "fix" it.

Another approach (unless you're using an older 98/ME operating system) would be to upgrade your version of IE.   Each newer version offers greater security than its predecessors.   To cite just one particular aspect:

IE7 introduced an anti-phishing filter.

IE8 extended this to become a "SmartScreen" (anti-malware + anti-phishing) filter.  

4 Apprentice

March 12th, 2010 13:00

Spilling the beans: how an AV vendor blog post led to exploit code

When AV vendors announce details of a new vulnerability, they are suitably vague so as to avoid giving the naughty lads an opportunity to exploit the problem.  This time, one of them went too far.

Complete article:
http://www.itwire.com/business-it-news/security/37550-spilling-the-beans-how-an-av-vendor-blog-post-led-to-exploit-code?start=1

2 Intern

March 15th, 2010 15:00

Microsoft has released a "Fix-it" that addresses this vulnerability in IE6/7, until a permanent patch is released:
http://support.microsoft.com/kb/981374

An additional recommended "Fix-it" at the same link will turn on "Data Execution Prevention" (DEP) for users of IE6/7. Those using IE8 do not need this, as DEP is enabled by default.

 
