HighMicrosoft Windows Knowledge Base Article 948881 update is not installed on the system, which could allow an attacker to exploit the following vulnerability:
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability that occurs when Internet Explorer attempts to instantiate the hxvz.dll object as an ActiveX control. By persuading a victim to visit a malicious Web page containing an invalid object, a remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system or cause the application to crash.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-023. See References.
Microsoft Security Bulletin MS08-023
Security Update of ActiveX Kill Bits (948881)
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx
IBM Internet Security Systems X-Force Database
Microsoft Internet Explorer hxvz.dll object code execution
http://xforce.iss.net/xforce/xfdb/41464
ISS X-Force
Microsoft Windows Knowledge Base Article 948881 update not installed
http://www.iss.net/security_center/static/41465.php
CVE CVE-2008-1086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1086
