There are a couple exploits that were "patched" but not fixed.
They know about it, they just haven't fixed it yet.
http://www.microsoft.com/technet/tre...n/MS03-026.asp
http://www.microsoft.com/technet/tre...n/MS03-039.asp
http://www.microsoft.com/technet/tre...n/MS03-032.asp
There was a email on Bugtraq a few days ago giving an example how scripting doesn't even need to be enabled for it to work.
I posted it here a few days ago as well.
The best thing to do is to change your IE security level to HIGHEST (to turn off scripting, cookies, activeX etc) until it's properly patched.
I'm not sure if Mozilla or Opera is vulnerable on this one... someone said it was. I haven't had a chance to check yet.... but I've been thinking about switching to Mozilla for awhile now.
Btw, this exploit also works in Outlook. Meaning, you can just get emailed the exploit & a trojan and you're infected.
One of the drawbacks of using the most popular applications I guess
