This is from the Microsoft Security Response Center Blog!
This is Information on Reports of IE7 Vulnerability by Christopher Budd.
"We've gotten some questions here today about public reports claiming there's
a new vulnerability in Internet Explorer 7. This is an issue that we have under
investigation and so we have some technical information we can share about the
issue."
"These reports are technically inaccurate: the issue concerned in these reports
is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a
different Windows component, specifically a component in Outlook Express. While
these reports use Internet Explorer as a vector the vulnerability itself is in
Outlook Express."
"While we are aware that the issue has been publicly disclosed, we're not
aware of it being used in any attacks against customers. We do have this under
investigation and are monitoring the situation closely and we'll take appropriate
action to protect our customers once we've completed the investigation."
I hope that helps to clarify.
Christopher
Ref:
http://blogs.technet.com/msrc/archive/2006/10/19/information-on-reports-of-ie-7-vulnerability.aspx