Didn't come as a suprise that IE would have (yet) another security breach!!
from : http://www.virus999.co.uk/index.php?...ticle&artid=95

The vulnerability is due to the fact that a script on an HTML-site can be brought to execute under fewer restrictions than normal, by letting a user start the script by pressing the SHIFT or the CTRL-key.

This can be utilized for uploading files from the user's computer, without the user knowing about this.

Microsoft has stated that this is not a security problem, cf. their policy and at present they will therefore not release a patch, which eliminates the vulnerability.
Microsoft and their policy.......