The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

2. Affected Software

    - Internet Explorer 5.01 SP4 on Windows 2000 sp4
    - Internet Explorer 6sp1 on Windows 2000 sp4
    - Internet Explorer 6sp2 on Windows XP sp2
    - Internet Explorer 6sp2 on Windows XP sp3
    - Internet Explorer 7 on Windows XP sp2
    - Internet Explorer 7 on Windows XP sp3
    - Internet Explorer 7 on Windows Vista sp1
    - Internet Explorer 7 on Windows Vista sp2
    - Internet Explorer 7 on Windows Server 2003 sp2 if Protected Mode is OFF and not using Enhanced Security Configuration
    - Internet Explorer 7 on Windows Server 2008 if Protected Mode is OFF and not using Enhanced Security Configuration
    - Internet Explorer 8 on Windows XP sp2
    - Internet Explorer 8 on Windows XP sp3
    - Internet Explorer 8 on Windows Vista sp1 if Protected Mode is OFF
    - Internet Explorer 8 on Windows Vista sp2 if Protected Mode is OFF
    - Internet Explorer 8 on Windows 7 if Protected Mode is OFF
    - Internet Explorer 8 on Windows Server 2003 sp2 if Protected Mode is OFF and not using Enhanced Security Configuration
    - Internet Explorer 8 on Windows Server 2008 R2 if Protected Mode is OFF and not using Enhanced Security Configuration

3. Solution

Currently, the security update for this vulnerability has not been released, thus please do not visit the untrusted websites.

By setting JavaScript to be disabled, user can encounter against the vulnerability temporarily untill security update release.

** In case of setting JavaScript to be disabled, sites may not be worked properly.

Internet Explorer>Tools>Internet Options>Security>Internet>Custom level>Set disable for "Active Scripting"

4. Link

http://www.microsoft.com/technet/security/advisory/980088.mspx