Versions older than IE9 are vulnerable.

http://www.infopackets.com/news/busi...discovered.htm