Once again there is a browser vulnerability that allows for the remote execution of code. And the only action necessary to become infected is to view a malicious webpage using Internet Explorer or an HTML formatted e-mail.
Like the WMF exploit it is advised to unregister the susceptible dll from the system as a workaround for the vulnerability.
To unregister the dll you should execute from Start, Run: regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
This differs slightly from Microsoft's recommendation - so as to include localized versions of Windows.
The vgx.dll component solely handles Vector Markup Language (VML). VML is a description format for browsers to draw vector graphics. Not too many websites use this format today - but rather display plain images. Also - it's only supported by Internet Explorer. Opera and Firefox implement Scalable Vector Graphics (SVG).
Use this link with IE to see an example of VML. If you have the dll registered, you'll see a clock. Once unregistered, you shouldn't see anything.
Microsoft's Outlook e-mail client is also potentially vulnerable for this exploit. But fortunately e-mail is treated as if from Restricted Sites by default, where Binary and Scripting Behaviors is disabled. By using a web-mail client and Internet Explorer you might still be vulnerable.
We strongly recommend implementation of this workaround immediately.