An exploit for all versions of Internet Explorer was discovered in the wild yesterday. The original exploit discovered and reported to Microsoft in May would only hang IE, but this new discovery allows an attacker to execute any program on your computer. Using a weakness in the way IE handles the JavaScript window() function, an attacker could for example open the command prompt with a command to delete the contents of your My Documents directory. The possibilities are almost endless to what this could be used for. No patch has been issued by Microsoft at this time, but running as a limited account under XP will reduce the ability of this to make drastic system-wide changes.
There is also another solution which works just as well 😉