Microsoft has issued a security advisory acknowledging a remote code execution flaw in Windows XP and Windows Server 2003 running IE 7 that could be exploited to take control of vulnerable machines. The problem lies in the handling of Uniform Resource Identifiers (URIs). While the advisory does not say explicitly that a patch will be issued to address the flaw, a Microsoft Security Response Center blog entry indicated the company is developing a fix for the problem. The posting also said that Microsoft had decided to address the problem because it had received so much press that attackers are more likely to try to exploit it.
The MS Security Response link is: