Zero-day ActiveX Hole in Windows XP Under Attack - PC World
... the new threat which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected ... Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.
Microsoft Warns of New Zero-day Bug for XP - InternetNews.com
Windows users ambushed by attack on fresh IE flaw ? The Register
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," company security representatives wrote. "When using Internet Explorer, code execution is remote and may not require any user intervention."