Another severe IE security vulnerability found

[aww]

Here we go again, fully patched systems, even with SP2 allow this bug to slip through:

http://secunia.com/advisories/12321/

The vulnerability is caused due to insufficient validation of drag and drop events issued from the "Internet" zone to local resources. This can be exploited by a malicious website to e.g. plant an arbitrary executable file in a user's startup folder, which will get executed the next time Windows starts up.

Microsoft officially will only release patches every 2nd Tuesday of the month. That's almost a full 30 days away. Save yourself some pain, switch to FireFox, Opera, etc.