http://www.microsoft.com/technet/security/advisory/932553.mspxMicrosoft Security Advisory (932553)
Vulnerability in Microsoft Office Could Allow Remote Code Execution
Published: February 2, 2007
Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac
In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.
While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.