Microsoft announced a security vulnerability yesterday in Microsoft Video ActiveX control which could allow remote code execution by affected users.  Microsoft explained the threat as follows:  "The Microsoft Video Control object is a Microsoft ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. It is the main component that Microsoft Windows Media Center uses to build filter graphs for recording and playing television video. When the ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code.  If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."  The bulletin is titled "Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution" http://support.microsoft.com/kb/972890  The bulletin explains that "In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site."