This vulnerability affects Internet Explorer in XP SP3, Vista SP0, SP1,
and Server 2008.
This vulnerability was not fixed in MS08-073 which was released
2008-12-09 (patch Tuesday).
The vulnerability only affectes IE 7 and exploits fully patched
machines. In its current incarnation, the exploit runs a password
grabber, however, the exploit could be modified.
Mitigation recommendations from Microsoft include running IE in
Protected Mode, or with Enhanced Security Configuration (server
2003/2008). Exploitation gives user level access to the computer, so
running IE as an unprivileged user is recommended.
Using and alternative browser is another mitigation step.
Please watch for an update for this vulnerability.