"Attackers are exploiting the just-patched vulnerability in Internet Explorer (IE) by hiding malicious ActiveX controls in Microsoft Word documents, according to security researchers.
The rogue documents can be delivered as attachments to spam or offered up by hacked sites. Attackers have been exploiting the IE bug since at least 9 December, when reports first surfaced about malicious code found in the wild and on several Chinese hacker servers.
Since then, Microsoft acknowledged the bug, then offered up a series of advisories urging users to take protective steps until a fix was available, and on Wednesday, Microsoft released the patch.
Users must be cautious about opening Word documents, keep their security software up-to-date, and apply the IE patch as soon as possible."
http://virusbuster.hu/en/viruslab/security_news/081220_ie7flaw4If you haven't already patched, Now would be a good time.
Be careful out there