Add one more 0-day vulnerability to Microsoft's list of things to fix on November 14th, 2006.
IE7 has a more modern approach to security than its predecessor IE6. Adopting a less-is-more attitude towards ActiveX controls (read: attack vectors), MS has limited the attack surface of IE7.
What's New in IE7 for ActiveX
Because ActiveX controls, or any browser extension, add features for Web sites, they also increase the possibility of a security vulnerability. Internet Explorer 7 (IE7) will reduce the number of ActiveX controls available to Web sites on the Internet and thereby reduce the chances of a security vulnerability. IE7 makes it easy to use common sites with important controls but lets users opt-in to using the advanced features that might be exposed by more obscure ActiveX controls.
Despite this approach, IE7 has already had a rough debut [Release: October 18, 2006]:
Internet Explorer 7 Window Injection Vulnerability [SA22628]
Internet Explorer 7 "mhtml:" Redirection Information Disclosure [SA22477]
Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability [SA22687]
Microsoft Internet Explorer RemoveChild Denial of Service Vulnerability [bid20812]
Not surprisingly, Microsoft's workaround advice is to disable the ActiveX control:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88d969c5-f192-11d4-a65f-0040963251e5}]
"Compatibility Flags"=dword:00000400
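To confirm the workaround actually landed on a machine, the check below (an added example, not code from Microsoft or from this post) parses the text of a `.reg` export and reports whether the kill bit, the 0x400 bit of "Compatibility Flags", is set for a given CLSID. The sample export and the second CLSID in it are constructed; a real regedit export is UTF-16 and has to be decoded before it is passed in.

```python
import re

# 0x400 in "Compatibility Flags" is the kill bit: IE refuses to instantiate the control.
KILL_BIT = 0x00000400
WORKAROUND_CLSID = "{88d969c5-f192-11d4-a65f-0040963251e5}"  # CLSID from the workaround above
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$", re.IGNORECASE)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})$', re.IGNORECASE)

# Constructed sample export (not from a real machine); the second CLSID is a placeholder.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88D969C5-F192-11D4-A65F-0040963251E5}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000020
'''

def parse_compat_flags(reg_text):
    """Map lower-cased CLSID -> Compatibility Flags value (None if the value is absent)."""
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).lower() if m else None  # ignore unrelated keys
            if current is not None:
                flags.setdefault(current, None)
        elif current is not None:
            m = FLAGS_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def kill_bit_status(reg_text, clsid):
    """Return 'set', 'not set' (key exists but bit clear or value absent) or 'missing'."""
    flags = parse_compat_flags(reg_text)
    clsid = clsid.lower()
    if clsid not in flags:
        return "missing"
    value = flags[clsid]
    return "set" if value is not None and value & KILL_BIT else "not set"

if __name__ == "__main__":
    print(WORKAROUND_CLSID, kill_bit_status(SAMPLE_EXPORT, WORKAROUND_CLSID))
```

The bit is tested with a mask rather than compared for equality, so a control that also carries other compatibility flags is still reported correctly.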
Although Microsoft continues to be plagued by browser-related security issues, their response to these events has improved. The amount of detail that MS publishes even before a patch is available continues to impress.
Microsoft Security Advisory (927892)