Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability

Microsoft put out a bulletin last week warning of a denial of service in javaprxy.dll (part of the Microsoft JVM). Exploit code has been posted to the Internet which shows that this vulnerability is more than a denial of service: it can allow an attacker to run code in the context of the logged-on user.
Microsoft has posted several mitigating steps at http://www.microsoft.com/technet/security/advisory/903144.mspx. The easiest such step is to set the ActiveX kill bit. With this method you don't have to worry about loss of functionality in other applications which use the MS JVM. The downside is that, from my testing, the denial of service exploit still occurs (memory usage), although it does not allow the malicious code to run.
Check out the MS article for other mitigation techniques.