The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Researchers at Hustlelabs demonstrates a proof-of-concept attack that takes full control of a Windows machine. It works by causing IE to load MPEG2TuneRequest, an Video ActiveX Control vulnerability (CVE-2008-0015), that Microsoft patched with the release of Security Bulletin MS09-032.

Source:→ The Register