Only 5 days after the release of the vulnerability, two exploits are on the street. Both exploits, tested on WINXP SP2, will give the attacker the ability to run code of her or his choosing on the compromised machine. As of this writing, a patch has not been made available, as far as we know.
Windows XP SP2 is not vulnerable in its default configuration. Microsoft noted that the HTML Help Workshop SDK has to be installed in order for the exploit to work. This SDK is a self contained download and at this point we are not aware of anything that would bundle this SDK. Given that is is an issue with this particular application, there is a chance that it may be exploitable on Windows versions other then XP SP2.
