Buffer and heap overflows are commonly used to launch worms and viruses. No comment from MS as yet. I do hope MS releases a patch soon, and make it available to everyone running a valid copy of XP or not, to prevent those bloody Windows machines spewing out more spam. The discoverers of the vulnerability seem to have a patch though. The announcement is here. The technical description of the vulnerability is here.