There is a newly discovered vulnerability in Internet Explorer 6 and 7 that could enable an attacker to take complete control of a vulnerable machine. The flaw lies in the way that Internet Explorer handles CSS data. The vulnerability is the result of a dangling pointer in the Microsoft HTML Viewer. An exploit for the vulnerability in IE was published on the Bugtraq mailing list Friday, but experts say it is not very reliable at this point. In lieu of a patch, users should disable JavaScript in IE to prevent exploitation.
Source: https://threatpost.com/new-zero-day-flaw-discovered-ie7-112209/73151/