http://msmvps.com/blogs/donna/archive/2007/07/10/internet-explorer-0day-exploit-us-cert-is-aware.aspxThere is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 betaenCommunityServer 2008.5 SP2 (Build: 40407.4157)