A Microsoft XML Core Services XMLHTTP Active control exploit allows malicious users to gain remote access or remote control of the computer without proper authentication and authorization.  The malicious users may code the exploit into web pages and when an unsuspecting victim browses the web page, or open an exploits tempered HTML formatted emails, the malicious users may be able to gain the same access privileges as the victim on the victim’s computer.  Once the malicious users gained access, they will be able to execute malicious programs against the victims.  Even if more damages cannot be performed against the victim, the exploit can render the Internet Explorer useless.

BroadWeb BSST has release a corresponding attack signature in the Pattern 3.61 release:

# 052710_EXPLOIT MS IE XML Core Services 4.0 Remote Code Execution

BSST strongly recommends BroadWeb Users update the signatures to Pattern 3.61 or later to prevent these type of attacks.

Broadweb Security Service Team (BSST) - Empower Your Network Security
Broadweb NetKeeper Intruder Prevention System delivers the protection against intrusion, worms, DDOS, Instant messaging, P2P, Web-Mail, and Web Post.