This week the Symantec Security Response Blog reported a new vulnerability in Internet Explorer 6 and 7 that allows a script to transfer visitors to a legitimate website to a page hosting an exploit that downloads malware to the computer. Any remote program can be executed without the user’s awareness, and the malware opens a backdoor and contacts remote servers to download files. You can read more about it here:
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks