Romang discovered the vulnerability while monitoring an infected server that was being used to abuse the zero-day Java flaw. On the server he noticed a file named exploit.html, which loads a Flash file that in turn loads a file named protect.html. That page checks whether the user is running Internet Explorer 7 or 8 and then exploits the flaw to install a Trojan on the victim's PC.
In the video clip below, Romang shows how the vulnerability can be exploited to infect a fully-patched Windows XP system.
Windows XP users are advised to use Mozilla Firefox, Google Chrome or another third-party browser, as Windows XP is not supported by Internet Explorer 9. It is unknown when Microsoft plans to patch this issue.