Well, it seems that another problem with Active X Video has gone Zero Day. Drive by (click by?) attacks are now exploiting the hole in the MS972890 advisory. This only affects IE, and only XP and 2003, so yes it is rather limited, but XP and 2003 are still very prevalent in the world.

The advisory does have a link on how to work around the vulnerability with a kill switch setting on the DLL file. Just shows another reason why I would not use IE if the web site does not require it.