XP SP2 über patch already needs fixing
 

The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered

The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit.

http://www.theregister.co.uk/2004/08...cripting_vuln/