Vulnerability in Microsoft Office Web Components control could allow remote code execution

Another critical problem that is currently being exploited in the wild (0 day attack). Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Below is a list of affected software, if you have the latest service pack on Office 2007 then you are safe

Affected Software

Microsoft Office XP Service Pack 3

Microsoft Office 2003 Service Pack 3

Microsoft Office XP Web Components Service Pack 3

Microsoft Office 2003 Web Components Service Pack 3

Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1

Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3

Microsoft Internet Security and Acceleration Server 2006

Internet Security and Acceleration Server 2006 Supportability Update

Microsoft Internet Security and Acceleration Server 2006 Service Pack 1

Microsoft Office Small Business Accounting 2006

Non-Affected Software

Microsoft Office 2000 Service Pack 3

2007 Microsoft Office Suite Service Pack 1 and 2007 Microsoft Office Suite Service Pack 2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Microsoft Forefront Threat Management Gateway, Medium Business Edition

Microsoft Internet Security and Acceleration Server 2000 Service Pack 2

You can use the workaround found in this link: http://www.microsoft.com/technet/security/advisory/973472.mspx

You can also use the fix-it button found in this link: http://support.microsoft.com/kb/973472