Microsoft has released information on another Active X hole. This time it is in the web components found in their office products.
This makes the third zero-day exploit in the past two months. The exploit works by getting people to browse to malicious websites that have the payload either embedded in the html code or by convincing the user to download the virus.
Microsoft has a work around for the exploit available and is working very hard to get a patch out to fix this issue. In the meantime several sites (mostly in China) have popped up with the malicious code.
The exploit allows for system wide control if the proper code is inserted.
Find the work around here.