Websense has now detected over 200 web sites exploiting the CreateTextRange vulnerability in IE 5.01 and 6.0 in order to deliver payloads of malware to desktops. One of the commonly pushed payloads logs keystrokes, which is the first step to identity theft.
Unfortunately, Microsoft is still weeks away from issuing a patch. According to Security Focus and the Washington Post, two Bessemer companies, eEye and Determina, have issued free software patches to close the vulnerability for IE users.
No worries for me--I use Flock.