I'm not sure of the technical details, but there's a spam email going around claiming it's from Symantec, something about SMTP protection. If you're using IE, and you click the link in the email, a virus or spyware is downloaded onto your machine. No "Windows has blocked active content". No "would you like to install". It just installs. The vulnerability may have been patched by now, but it was discovered long after SP2 was released. The original article on the vulnerability (I can't find it, I just looked) was on http://insecure.org.