Revision Note: Advisory updated to include additional mitigating factors. Msdds.dll file versions have also been revised: updated file version from 7.0.9446.0 to 7.0.9466.0 and added file version 7.0.9064.9143. Advisory Summary:Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports. The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
More...