Yesterday Microsoft announced that they are investigating a privately reported vulnerability in Microsoft Video ActiveX Control. If an attacker success in exploiting this vulnerability, he could gain the same rights as the local user. And now to the “sad” (and some what expected) part: When using Internet Explorer it could all happen without you knowing it, it’s done remote and does not require any user intervention.
Microsoft recommends that Windows XP and Windows Server 2003 customers remove support for this ActiveX Control within Internet Explorer. Though unaffected, they also recommend that Windows Vista and Windows Server 2008 customers apply the same measures.