A remote code execution vulnerability exists in the ActiveX control hxvz.dll and an update that includes kill bits that will prevent ActiveX controls from being run in Internet Explorer. The risk is MEDIUM. An attacker who successfully exploited this vulenrability could gain the same user rights as the logged on user.
More...