Cody Pierce knew right away what he had found, but he wasn't exactly sure how serious it was. Pierce and his fellow researchers at TippingPoint had spent much of the early part of last year poking around in the ActiveX controls in Windows XP, looking for controls that might be vulnerable.

The team had decided at the beginning of the year that with all of the applications and code now running on the Web instead of desktops, ActiveX would be a prime avenue of attack for hackers in the coming months and years, and they wanted to get there before the attackers did.

Now, after weeks of methodical research and a number of false starts, Pierce had found exactly what he'd been hoping for: a zero-day vulnerability in Internet Explorer that allowed arbitrary code execution. For security researchers, identifying a zero-day is as good as it gets. It's the digital equivalent of making the first run of the morning on fresh powder. But finding the vulnerability turned out to be the easy part in this case; now came the frustrating process of constructing a working exploit.

The link for this article located at SearchSecurity.com is no longer available.