InfoWorld says this new hole “Could be Devastating”.
I would have to agree. The last big bad hole is over a month old and still hasn't been patched. According to Scoble, the testing process takes a while, but Bill Gates claimed there was a 24-hour response time for security holes, and the fact that a simple string replacement function is all that was needed makes me think that this current hole is going to wreak some havoc before it is patched.
The problem isn't with educated users, of course. Who among us uses IE for anything other than testing (or watching embedded MediaPlayer 9 video) these days? Looks like another reason to try to wean our less-savvy friends and relatives off of IE.
You can test/confirm the IE exploit here.