Microsoft has released a cumulative patch to fix two newly discovered vulnerabilities involving Internet Explorer's cross-domain security model. The patch also includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0.

Unless fixed the newly found vulnerabilities could allow an attacker to possibly run malicious script by misusing a dialog box and cause a script to access information in a different domain. In the worst case, this could enable a Web site operator to load malicious code onto a user's system. In addition, this flaw could possibly also enable an attacker to invoke an executable that was already present on the local system.

According to DOE's Computing Incident Advisory Capability (CIASC), the risk associated with these vulnerabilities is high.

Read the original Microsoft bulletin.
Download the patch.