IE7 0-Day in the wild today. The proof of concept code is available on Milw0rm site.
SANS has a write up on the 0-Day that “is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine.”
// k`sOSe 12/10/2008 – tested on winxp sp3, explorer 7.0.5730.13
// windows/exec – 141 bytes
// EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe
# milw0rm.com [2008-12-10]
UPDATE: (Dec. 12) Also affects IE5 IE6 and IE8 Article Link