IE7 0-Day in the wild today. The proof of concept code is available on Milw0rm site.
SANS has a write up on the 0-Day that “is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine.”
From Milw0rm:
// k`sOSe 12/10/2008 – tested on winxp sp3, explorer 7.0.5730.13
// windows/exec – 141 bytes
// http://www.metasploit.com
// EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exehttp://(snip)
# milw0rm.com [2008-12-10]
The folks at Websense should have an alert posted shortly. And here is the link for the Secunia advisory. McAfee has a posting regarding this matter.
UPDATE: (Dec. 12) Also affects IE5 IE6 and IE8 Article Link