XMLHTTP ActiveX 0Day
On Nov 3rd 2006, Microsoft put out an advisory that the XMLHTTP 4.0 ActiveX control was being exploited in the wild. A couple of days later ISC posted its initial article about the problem, and later a follow-up article which talked more about the actual exploits being seen in the wild. As stated by ISC and in the MS advisory, the important mitigating factor is that this ActiveX component is not included in Windows by default. Rather, it is a component of the Microsoft XML Core Services (formerly known as MSXML) package, which is used by things such as Visual Studio. This puts the threat in the same potentially vulnerable population as the Visual Studio-requiring exploit I have recently posted about here.
For this particular ActiveX vulnerability, the solution is to set the kill bit for the CLSID
88d969c5-f192-11d4-a65f-0040963251e5
or to set your security zone to high, or to specifically configure IE to prompt before running ActiveX controls.
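One way to audit and apply the kill bit mentioned above (an added example, not code from the original post or from Microsoft). It relies on the standard IE kill-bit mechanism: a "Compatibility Flags" DWORD with bit 0x400 set under the control's CLSID in the "ActiveX Compatibility" key. The -Apply switch is a parameter of this script only; without it the script only reports.

```powershell
# Added example: report, and optionally set, the IE kill bit for the
# XMLHTTP 4.0 control. Run from an elevated prompt when using -Apply.
param([switch]$Apply)   # hypothetical script parameter: write the kill bit if missing

$Clsid   = '{88d969c5-f192-11d4-a65f-0040963251e5}'   # CLSID given in the post
$KillBit = 0x400                                       # kill bit within "Compatibility Flags"
$SubKey  = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\' + $Clsid

# 32-bit IE on 64-bit Windows reads the WOW6432Node view, so check both views.
$views = @([Microsoft.Win32.RegistryView]::Registry32)
if ([Environment]::Is64BitOperatingSystem) {
    $views = @([Microsoft.Win32.RegistryView]::Registry64) + $views
}

foreach ($view in $views) {
    $key  = $null
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    try {
        # Open read-only for an audit, writable only when applying.
        $key = $hklm.OpenSubKey($SubKey, [bool]$Apply)
        if ($null -eq $key -and $Apply) { $key = $hklm.CreateSubKey($SubKey) }

        $flags = 0
        if ($null -ne $key) { $flags = [int]$key.GetValue('Compatibility Flags', 0) }

        if ($Apply -and ($flags -band $KillBit) -eq 0) {
            # OR the bit in so any other compatibility flags are preserved.
            $flags = $flags -bor $KillBit
            $key.SetValue('Compatibility Flags', $flags,
                          [Microsoft.Win32.RegistryValueKind]::DWord)
        }

        # One result object per registry view.
        [pscustomobject]@{
            View       = $view
            KeyPresent = ($null -ne $key)
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
    finally {
        if ($null -ne $key) { $key.Dispose() }
        $hklm.Dispose()
    }
}
```

A host is covered only when KillBitSet is True for every view reported; a missing key means the control is not blocked by a kill bit.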
Note: This is different from the CVE-2006-4685 vulnerability in MSXML, which was patched with MS06-061.
This issue has subsequently been addressed in MS06-71.
