Websense Security Labs has received reports of a new Internet Explorer "zero-day" vulnerability which could allow the launching of code without consent from the end-user. The vulnerability...is similar to the "drag-and-drop" vulnerability that has been exploited in the past.
As the vulnerability outlines, a specially crafted website would have to dupe a user into dragging and dropping an item from one window to the other. Upon releasing the mouse in the newly focused window the code will run without consent.
Internet Explorer Drag-and-Drop Redeux