The vulnerability allows malicious hackers to sneak code onto users computers, such as keylogging programs, or to monitor their activity. Because of that, it could be used in phishing scams
Less than 24 hours after the company's announcement that IE7 had been released, the browser's first vulnerability was reported by security firm Secunia.
According to the company's advisory, the flaw is rated as "less critical," because it does not allow attackers to gain control of a system. However, it does put users at risk for exposure of system and personal information, according to Secunia chief technology officer Thomas Kristensen.
"This is a vulnerability that was in IE6 which Microsoft apparently decided not to patch," he said. "It was a surprise to us to see it wasn't fixed." "Microsoft has to reconsider this one," he said. "It's not critical because it can't compromise a system, but it is still a potent way to get information off the system of an unsuspecting user."