We?re still investigating, but we have confirmed this vulnerability and I am writing a Microsoft Security Advisory on this. But we wanted to make sure customers knew we were aware of this and we will address it in a security update. If you're using the new refresh of the IE7 Beta 2 Preview announced at Mix06, then you are not affected by the public report. Microsoft Security Center Blog