The first exploit, for MS05-053 is reported to cause a DOS condition, sending CPU usage to 100% when viewing a file in IE. The Microsoft security bulletin for this vulnerability lists remote code execution as a possibility, indicating future exploits could be more severe. Users with the hotfix for GDI installed are protected from this issue.
The second flaw is related to vulnerabilities in MSDTC and COM+, and again the exploit is limited to a denial of service attack rather than the remote code execution listed as a possibility on the security bulletin. The patch for this (MS05-051) has been available since October 11, and despite some users having problems with the update, Microsoft recommends users apply the patch.
Posted by: Peter Laborge