A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites.
Original advisory issuer : http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799

ISC : http://isc.sans.org/diary.html?storyid=6733

This isn't up on secunia as of now.

Be sharp.