Microsoft Security Advisory (977981)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
(Formatting for emphasis added by me.)
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.
The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.
This is still under investigation by MS; as related in the article, a patch for this vulnerability may or may not be released. The upshot is that if you haven't upgraded to Internet Explorer 8 yet, you had best do it now, or use alternate browsers, such as Firefox and Opera, exclusively. In my opinion, it is best to have a secure version of Internet Explorer onboard even if your default browser is something else.
Read the entire article for workarounds, which include enabling Data Execution Prevention. However, as is usually the case with workarounds issued by MS, they could significantly alter your user experience.