We are talking of fully patched Windows XP installations. Furthermore
"Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.
The zero-day exploit, posted by a U.K.-based group called "Computer Terrorism," could allow a remote hacker to take complete control of a Windows system if the victim simply browses to a malicious Web site.
Ziff Davis Internet News have verified that the exploit works on fully patched Windows XP systems with default IE installations."
So dump IE and download Firefox.
"We have also been made aware of proof of concept code that could seek to exploit the reported vulnerability but are not aware of any customer impact at this time but Microsoft will continue to investigating these public reports," the spokeswoman added.
The proof-of-concept exploit, which is available from the FrSirt site, currently launched the Windows Calculator (calc.exe) but can be easily modified by malicious hackers.
The proof of concept example is at the Computer Terrorism site.