Symantec provided some details on the flaw, suggesting it is within CSS handling. It isn't considered to be widespread and hasn't been seen much, if at all, in the wild -- likely to "unreliability". A more "reliable" version of the exploit is likely in the works, Symantec claims, so protecting yourself sooner rather than later is a good idea. Like many browser-based flaws, it requires little user interaction to spring itself; merely visiting a compromised website is enough to become infected.
A patch does not yet exist for the flaw, though there is nothing stopping IE6 or IE7 users from upgrading to IE8. Whether or not this flaw is urgent enough for Microsoft to provide a fix out of cycle remains to be seen.