The Microsoft Security Response Center has posted a blog entry that talks about this vulnerability that is being reported in the news in IE7. This is a publicly disclosed vulnerability which is actually in Outlook Express (OE) and uses Internet Explorer as a vector. Its not an issue with IE7 or any other version of IE. There’s no known exploit that uses this vulnerability, one which is classified as ‘less critical’ by secunia.
Just to clarify, the claim that this is a vulnerability found in IE7 is incorrect. Its a known issue with OE and as of typing this blog post, its not being used by any malicious exploit to attack the user.
Cheers and happy browsing with IE7.