It seems that there is a hole in the Virtual DOS Machine that is used to run 16-bit applications in all version of Windows from 3.1 up to and including Windows 7 (SP1 too).The hole basically allows a user with restricted access to execute code at system privilege level.The fix is easy (if you don't run 16 bit apps), its simply a registry change. According to the article though Microsoft have known about the issue since mid 2009 which is kinda scary. You can read more at http://www.taranfx.com/windows-hacking.Why couldn't an exploit as serious as this be found for all IE6 versions!