This is a Critical exploit, capable of executing code as the user running Internet Explorer. Reports of this in the wild as well as a temporary patch can be found at the Internet Storm Center.
From the eEye Digital Security Alert:
The PoC is an integer overflow-based heap overflow, in the DSA_SetItem function in COMCTL32.DLL. An arithmetic overflow can occur during multiplication to calculate the desired size for a call to ReAlloc, that isn’t reproduced during a subsequent call to memmove, so the allocated size can be smaller than the copy size and result in a heap buffer overflow. …
This vulnerability can result in remote code execution in the context of the logged in user. In order to exploit this an attacker must create a malicious website or leverage a site that allows for custom user content.
While the vulnerability was posted on the Browser Fun Blog on July 18th, the exploit first appeared over the weekend. The Microsoft Security Advisory has details on how to patch manually and how to apply the manual change to group policy.
Affects:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 1
- Windows XP Service Pack 2
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows XP Professional x64 Edition
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
