It's a vuln in Outlook Express. It has nothing in particular to do with IE7. As noted, it was found years ago, and verified in IE6 in April. The fact that it shows up in IE7 only means that the proper place to patch it is in Outlook Express or some shared DLL.
I dislike Microsoft, and their products, and only use them when I have to. But geez, calling this a flaw in IE7 is simply innaccurate.
See here