The flaw affects people running Internet Explorer on machines running Windows XP or Windows Server 2003. A remote, unauthenticated attacker could execute arbitrary code with the privileges of the victim user.
For such devices, it is recommended that Microsoft Video ActiveX Control be disabled from running in Internet Explorer – http://support.microsoft.com/kb/972890#FixItForMe
[2009-07-14 16:33:21 | Mark Kraitchman]
Microsoft Security Bulletin MS09-032 – Critical Cumulative Security Update of ActiveX Kill Bits (973346) resolves the Internet Explorer on Windows XP Microsoft Video ActiveX Control could allow remote code execution vulnerabilty.