iDefense Security Advisory 07.28.09 – Remote exploitation of a logic flaw vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code, as included in various vendors’ ActiveX controls, could allow attackers to bypass ActiveX security mechanisms. iDefense has confirmed the existence of this vulnerability inside Microsoft’s ATL and MFC. Although later versions of the ATL/MFC are less vulnerable, certain conditions can trigger the same exploit pattern.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80514/07.28.09-2.txt
Source: https://packetstormsecurity.com/files/80514/iDEFENSE-Security-Advisory-2009-07-28.2.html