An unpatched vulnerability in an ActiveX control (Microsoft MPEG2TuneRequest) used by Internet Explorer is being actively exploited. I've written my version of the exploit in Python based on code I found in the wild. You can find the code here. The exploit's payload spawns the calculator.