iDefense Security Advisory 08.11.09 – Remote exploitation of a type confusion vulnerability in Microsoft Corp.’s ATL/MFC ActiveX code as included in various vendors’ ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). iDefense has confirmed the existence of this vulnerability inside Microsoft’ ATL and MFC. This vulnerability appears to be limited to MFC version 3.0. Any source code compiled with these libraries may also be vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80517/08.11.09-2.txt
Source: https://packetstormsecurity.com/files/80517/iDEFENSE-Security-Advisory-2009-08-11.2.html