The flaw affects people running Internet Explorer on machines running Windows XP or Windows Server 2003. A remote, unauthenticated attacker could execute arbitrary code with the privileges of the victim user.
For such devices, it is recommended that Microsoft Video ActiveX Control be disabled from running in Internet Explorer – http://support.microsoft.com/kb/972890#FixItForMe
http://www.kb.cert.org/vuls/id/180513
UPDATE
[2009-07-14 16:33:21 | Mark Kraitchman]
Microsoft Security Bulletin MS09-032 – Critical
Cumulative Security Update of ActiveX Kill Bits (973346)
resolves the Internet Explorer on Windows XP "Microsoft Video ActiveX Control could allow remote code execution" vulnerability.
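
To confirm that a machine actually has the control disabled, check for the ActiveX kill bit: the `Compatibility Flags` value with bit `0x00000400` set under IE's `ActiveX Compatibility` registry key for each class ID. The script below is an added example, not code from the advisory or from Microsoft; it audits the text of a `reg export` of that key. The sample export and the class IDs in it are constructed placeholders, so substitute the CLSIDs listed in KB 972890.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating a control
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_flags(reg_text):
    """Map CLSID (upper-cased) -> Compatibility Flags value found in .reg text."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None
            if current:
                flags.setdefault(current, 0)  # key present, value may be absent
        elif current:
            m = FLAGS_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def audit(reg_text, required_clsids):
    """Return {clsid: 'killed' | 'flag not set' | 'key missing'}."""
    flags = parse_flags(reg_text)
    result = {}
    for clsid in (c.upper() for c in required_clsids):
        if clsid not in flags:
            result[clsid] = "key missing"
        elif flags[clsid] & KILL_BIT:
            result[clsid] = "killed"
        else:
            result[clsid] = "flag not set"
    return result

# Constructed sample export; the CLSIDs are placeholders, not the control's real class IDs.
# A real export is UTF-16: open it with encoding="utf-16" before passing the text in.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000
"""
REQUIRED = ["{00000000-0000-0000-0000-00000000000%d}" % n for n in (1, 2, 3)]

if __name__ == "__main__":
    for clsid, state in audit(SAMPLE, REQUIRED).items():
        print(clsid, state)
```

Any class ID reported as "flag not set" or "key missing" can still be instantiated by Internet Explorer on that machine.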