11 December 2008

Internet Explorer 7 Zero-Day Exploit

Internet Explorer 7 has an exploit.

Yup, you did not read that wrong: it's called the IE 7.x Zero-Day Exploit. This is a nice rundown by HD Moore, with all the juicy technical details, of the recent zero-day exploit against Internet Explorer 7. The exploit, inadvertently released by Chinese researchers, involves how IE7 handles XML.

I'll probably spare you the technical details and just summarize for the peeps here. The problem in IE7 means a computer could be infected with malicious software merely by visiting a Web site, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP regardless of the service pack version, meaning it makes no difference whether you're patched up to the latest service pack or not (XP SP3 included!).

My view on this? Use an alternative browser like Firefox or Chrome until Microsoft issues a patch for it.

Well, Microsoft has acknowledged the issue but has not indicated when it will release a patch:

“Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.”

If you're into the techie explanations, you may refer to these readings:
Symantec, MSRC and SearchSecurity's Security Bytes blogs.

Microsoft issued its Security Advisory 961051 yesterday.