
UPDATE: Microsoft posted an emergency Fix It solution for this vulnerability late on 06 July 2009.

Microsoft posted today at the Microsoft Security Response Center (MSRC) concerning new attacks against a Microsoft Video ActiveX Control that impacts Windows XP and Server 2003 users. Security Advisory 972890 contains further details.

Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.

We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue.

Microsoft reports they are actively working on a solution and will post one as soon as they have it. You can get updates on this from the advisory itself or the MSRC web site. Personally, I subscribe to their RSS feed because it is handy to be aware of these things in a timely manner.

If you're really into the nitty-gritty details of these types of things, then check out the "New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll" entry at the Microsoft Security Research & Defense blog.