Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

Link:
http://support.microsoft.com/default.aspx/kb/972890

Check out these posts too:

  1. Zero-day vulnerability in PowerPoint spawns Microsoft alert
  2. Microsoft is on the verge of begging you to drop IE6
  3. Microsoft Security Bulletin MS08-067 – Critical
  4. Internet Explorer and Firefox Vulnerability Analysis Report
  5. Internet Explorer 7 Beta 3
  6. Microsoft Adds Clickjacking Protection to IE8
  7. Does MS think users are this stupid?