Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.
The exploit code takes aim at a remote code execution flaw in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects (ADO). This is distributed in MDAC (Microsoft Data Access Components).
In the MS07-009 bulletin, Microsoft warns:
An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites. These Web sites could contain specially crafted content that could exploit this vulnerability... It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.