A great article at ZDNet explains how Vista + IE7 stopped the latest IE 0day from exploiting the machine.
"The initial security warnings are hardly perfect. I've seen similar ActiveX opt-in dialog boxes for other built-in ActiveX components. How is an unsuspecting user supposed to know which one is safe and which is dangerous? And the list doesn't work on a per-site basis. If I had visited a site that legitimately used the VML control last week, before this exploit hit the news, I would probably have approved it. And once I had done that, it would have been on the safe list for good. There's no way to undo that decision, as far as I can tell. Once you tell IE7 that an installed control is OK, any site can try to use it."
Article Link: http://blogs.zdnet.com/Bott/?p=141