DirectAnimation ActiveX control 0Day

From the first released exploit code:

"When Internet Explorer handle DirectAnimation.PathControl COM object(daxctle.ocx) Spline method, Set the first parameter to 0xffffffff will triggers an invalid memory write, That an attacker may DoS and possibly could execute arbitrary code."

This vulnerability was given CVE IDs CVE-2006-4446 after the first exploit code was released, and then later CVE-2006-4777

The vulnerability's Microsoft advisory can be seen here. However, as Microsoft's advisory only references CVE-2006-4777, note the difference in it's timeline and that of the Internet Storm Center here.

This vulnerability was subsequently addressed in MS06-067 during the Novermber patch cycle.