There is a new vulnerability out there, and SANS has reported it in the wild.
We are on the lookout for sites and I will update as we get more information.
For now, here are your references:
Microsoft Security Advisory #927892 “Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution”
Secunia “Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability”
Securiteam “ActiveX – reason of the newest Windows 0-day, again”
CERT advisory.
Alex Eckelberry
(And thanks to Juha-Matti Laurio)