You can read the Secunia's advisory here. According to Secunia, the vulnerability affects fully patched Windows XP systems with Service Pack 2.
Christopher Budd from the Microsoft Security Response Center responded to the announcement by blaming the problem on Outlook Express. "The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express," said Budd.
Thomas Kristensen, Secunia's CTO, disagrees with Budd and said that the vulnerability is "fully exploitable" through IE7 and adds that IE7 is "the primary attack vector, if not the only attack vector."
You can download Internet Explorer 7 from Microsoft's website here.
Edited by james_8970, 21 October 2006 - 09:00 PM.