A vulnerability has been discovered in Internet Explorer that can be used to execute arbitrary code on an affected system. The vulnerability, located in the DirectAnimation ActiveX control, is caused by a memory corruption error when processing arguments that are passed to the KeyFrame() or Spline() functions. Successful exploitation could reportedly allow a remote intruder to take complete control of the user's system. A working exploit is circulating on the Internet. Microsoft is aware of the problem and is investigating the matter. The company said that it expects to release a patch in association with an upcoming Security Bulletin. In the meantime the company released an advisory, Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Control Execution.
