There is an unpatched vulnerability in Internet Explorer 7 being actively exploited in the wild. The details are public, so any bad guy can take advantage of this. It’s a heap overflow in the XML parser, for you geeks out there. It affects all current versions of Windows.
Microsoft issued an advisory with workarounds that prevent exploitation:
- Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
- Enable DEP for Internet Explorer 7.
- Use an ACL to disable OLEDB32.DLL.
- Unregister OLEDB32.DLL.
- Disable Data Binding support in Internet Explorer 8.
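
To confirm that a machine actually has the zone and ACL workarounds in place, a read-only audit like the following can help. It is an added example, not part of Microsoft's advisory or the original post. It assumes PowerShell 3.0 or later, per-user zone settings (values pushed by Group Policy live elsewhere and take precedence), and the default location of OLEDB32.DLL; the function names are made up for this example.

```powershell
# Added example: read-only audit of the zone and ACL workarounds.
# Assumes per-user zone settings and the default OLEDB32.DLL location.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active Scripting' }
$states   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ZoneWorkaroundStatus {
    foreach ($zone in $zones.Keys) {
        $props = Get-ItemProperty -Path "$zoneRoot\$zone" -ErrorAction SilentlyContinue
        foreach ($action in $actions.Keys) {
            # A missing value means the zone falls back to its template default.
            $value = if ($props) { $props.$action } else { $null }
            $state = 'Not set'
            if ($null -ne $value) { $state = $states[[int]$value] }
            if (-not $state)      { $state = "Other ($value)" }
            [pscustomobject]@{
                Zone      = $zones[$zone]
                Setting   = $actions[$action]
                State     = $state
                Mitigated = ($value -eq 1 -or $value -eq 3)   # Prompt or Disabled
            }
        }
    }
}

function Get-OleDbAclStatus {
    # Check the native copy and, on 64-bit Windows, the 32-bit copy as well.
    $roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
             Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        $dll = Join-Path $root 'System\Ole DB\oledb32.dll'
        if (-not (Test-Path -LiteralPath $dll)) { continue }
        # Heuristic: any Deny entry on the file is reported as the ACL workaround.
        $deny = @((Get-Acl -LiteralPath $dll).Access |
                  Where-Object { $_.AccessControlType -eq 'Deny' })
        [pscustomobject]@{
            Path      = $dll
            DenyFor   = ($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '
            Mitigated = ($deny.Count -gt 0)
        }
    }
}

Get-ZoneWorkaroundStatus | Format-Table -AutoSize
Get-OleDbAclStatus       | Format-Table -AutoSize
```

The script changes nothing on the system; a row with Mitigated set to False marks a setting that still needs the corresponding workaround applied.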