This is the flaw that was key in the 'Operation Aurora' attack on Google
last week. There are several workarounds that could be employed to help
mitigate the attack.
Running with Internet zone set to High, running with Data Execution
Prevention (DEP) or not running Internet Explorer at all will help to
avoid this issue.
It is recommended that IE users follow these steps to protect
themselves. More information here: