As mentioned at The Register, another cross domain scripting flaw in Internet Explorer has been discovered:
Possible exploits include elevating privileges, arbitrary command execution, local file reading and stealing arbitrary cookies. [the usual stuff, natch]
[...]
To guard against the vulnerability, PivX suggests that administrators should disable ActiveX scripting until a patch is available. [no surprise there]
[...]
Oh, and according to PivX (the people who discovered this hole), Internet Explorer is subject to 19 unpatched security holes.
If you’re an IE user, why not give Mozilla a try? Security and Open Source: two great tastes that taste great together :).