iDefense Security Advisory 04.08.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. iDefense has confirmed this vulnerability in version 2.05.50727.42 of hxvz.dll, which is installed with Visual Studio 2005.
588d2439063be1e77858d28dd76b3cadb193e7df46f39974193b547dca836bc3