It’s worth noting that after a hailstorm of patches yesterday by Microsoft, the daxctle.ocx vulnerability was not patched.
We have observed this exploit in action in the wild. However, it is not widely used (the two sites we saw it on are now dead) and it is a pretty crappy exploit (meaning, it doesn’t work all that well).
Nevertheless, it is an exploit, it has been observed in the wild, and it’s not patched.
Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6} More information about how to set the kill bit is available in Microsoft Support Document 240797. More at CERT.
Alex Eckelberry
(and a hat tip to Altieres Rohr)