Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly but we are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.
The ActiveX control is the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx...
Secunia rates the issue as 'highly critical', its most severe rating.