Microsoft has acknowledged the presence of a serious issue called Video ActiveX Controls allowing Remote Code Execution. This is primarily onĀ the Internet Explorer browser running on XP and Windows 2003 machines.
They have also released an advisory update / patch on this topic which is available here.
At Auro Infotech, we chose an alternate strategy which has been working well for quite some time now. This solution is called Using Firefox with NoScript.
Those who feel it is necessary to use Internet Explorer, please remember to visit the Microsoft Support Site. Others, please try our recommended solution out and let us know if you think it does not work out for you for any reason.