According to Symantec's Sean Hittel, attackers have found a way to essentially serve users the vulnerability prior to exploiting it. — “Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it.”
“Once this vulnerable control is installed on the victim’s computer, it is exploited in the same way as if the control was installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected,” Hittel stated.