From the Microsoft Security Response Center blog,


"We’ve gotten some questions here today about public reports claiming there’s a new vulnerability in Internet Explorer 7.  This is an issue that we have under investigation and so we have some technical information we can share about the issue.


reports are technically inaccurate: the issue concerned in these
reports is not in Internet Explorer 7 (or any other version) at all.
Rather, it is in a different Windows component, specifically a
component in Outlook Express. While these reports use Internet Explorer
as a vector the vulnerability itself is in Outlook Express."