28.12.2004 : Internet Explorer Remote Command Execution Exploit.

This unpatched vulnerability is a variant of the "Auto SP2 RC Exploit"
It can be exploited to bypass the "Local Computer" zone lockdown
security feature in SP2 and allow execution of arbitrary commands.

K-OTik Security confirmed this vulnerability on a fully patched
Windows XP SP2 system with Internet Explorer 6.0

Solution : Set the security level to "High" in Internet Explorer or Use another browser.

More at http://www.k-otik.com/exploits/20041228.CMDExe.php

Like they said : Use another browser