Microsoft was unavailable for comment but Searle did confirm that the zero-day exploit is in-the-wild.
Symantec's recent IT Risk Management Report found 77 percent of all Web browser attacks targeted Internet Explorer.
The vulnerability cannot be used for remote code execution because IE7 runs most of its local resources such as navcancl.htm in its "Internet Zone.
IE7 (Internet Explorer 7.0) reached its 100 millionth installation mark almost two months ago with this figure rising rapidly.
It is the last figure made available from WebSideStory, the company Microsoft uses to measure browser usage.