Interesting. Although I've started developing a personal hate for IE7 at this point for other reasons. I think this may highlight that a lot of vulnerabilities are no longer OS specific and that one shouldn't assume that just because it's not listed for your OS that you aren't vulnerable (until it's verified as such -- and even then, I'd be suspicious).