Microsoft Security Advisory service provides information on active issues in any Microsoft product currently in any of the support windows (sorry about the pun.)
MS-SA2501696[1] describes a publicly Reported vulnerability in how MS software handles certain data requests using MIME and is essentially an issue with all versions of MS Windows, rather than the browser, MS Internet Explorer but is only exposed through IE as far as I can tell from the announcement.
The issue can allow a “Client Side Script“[2] attack that can disclose information, take action in a web page without use consent or Spoof the returned content.
No fix yet but if you disable scripting as described in the article then you effectively prevent this vulnerability being activated. ActiveX, VBScript and JavaScript scripting have had very bad press over the years anyway, such as XSS[3], but are still required for many websites to function correctly.
The CVE entry for this issue, CVE-2011-0096[4], has yet to be updated.
References
[1] MS Security Advisory 01/02/2011
[2] Wikipedia (Client Side Scripting) 01/02/2011
[3] TechTarget (XSS) 01/02/2011
[4] CVE (2011-0096) 01/02/2011
– Posted using BlogPress from my iPhone
harlekwin 
CVE-2011-0096 has now been published as “candidate“.
Posted by harlekwinblog | 2011/02/02, 1:29 pm