I run a pretty tight ship when it comes to updates. I have a WSUS server and
most of my PCs update completely automatically, including the PC I am writing
about today. It is fully updated with all available security updates as are
all Microsoft software products. That doesn't exclude non-Microsoft products
as a security hole, of course.
I started getting ads popping up in IE windows so I got pretty suspicious.
I ran a scan with my AV (F-Prot) with no viruses found. I had, though,
recently had a few viruses found as I surfed the web site for an
international manufacturer for a hobby. Remember a found virus is a stopped
virus; it's the unfound ones you have to worry about. I reported the virus
to the company and it appears - from others I have talked to - that they
cleaned it up. I haven't been back to the site. The viruses found on the
site were js_psyme and html_iframe. Both of these viruses attacked the ADODB
stream vulnerability from a couple years back. Since that opening has long
been fixed on my PCs, I didn't worry about those viruses being found.
Suddenly, yesterday, I started getting these popup ads. I ran Trend Micro
HouseCall and that found another virus, presumably missed by F-Prot, called
JS_Small.ftj. The data from Trend Micro about this virus says:
[Quote]It takes advantage of an unknown vulnerability in Internet Explorer
to allow to download possible malicious files on the affected machine. It
does this by using the vulnerable CLSIDs from the affected system.[End Quote]
So what is up with an "unknown vulnerability" in IE7? I know there are
probably dozens or hundreds of unknown vulnerabilities in IE7 but since the
virus report on this has been out since May 8, 2008, how is this still
unknown and when will there be a patch? I know that it is a rhetorical
question but I still wanted to raise it.
Frank Saunders MS-MVP IE,OE/WM - 28 Aug 2008 15:43 GMT
>I run a pretty tight ship when it comes to updates. I have a WSUS server and
[quoted text clipped - 37 lines]
> unknown and when will there be a patch? I know that it is a rhetorical
> question but I still wanted to raise it.
Do a thorough check for malware, following all of the steps at one of these
Web pages.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
So How Did I Get Infected Anyway?
For quite a few people it's by installing programs like Messenger Plus,
whose ads for malware don't identify the malware as such and try to convince
you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.

Signature
Frank Saunders MS-MVP IE,OE/WM
Do not reply with email