After listening to Security now Episode 58, I had write a quick blog post to warn people about this very (I would say) critical flaw in Windows XP and IE. I have temporarily patched my systems by unregistering the VGX DLL. I would highly suggest everyone do the same by copying the following code into your run dialog box and restarting your machine.
regsvr32 -u “%CommonProgramFiles%Microsoft SharedVGXvgx.dll”
Much more information and another flaw affecting only Windows 2000 users can be found at the security now notes page.
