Needless to say, you should NEVER open an email attachment unless you know who it came from, what it is, and why you're getting it. The IE flaw that Microsoft patched yesterday is now being exploited by attackers via Microsoft Word documents with malicious ActiveX controls embedded in them. These are being sent out in spam emails as attachments and through malicious websites. From [url=http://www.sans.org/newsletters/newsbites/newsbites.php?vol=10&issue=99:h0ui1w65]SANS NewsBites, Vol. 10, Num. 99[/url:h0ui1w65]:
[quote:h0ui1w65]The Internet Explorer (IE) vulnerability for which Microsoft has just released an out-of-cycle fix...is being exploited in
another way; attackers are seeding Microsoft Word documents with malicious ActiveX controls. The embedded controls contain lines of code
that cause the host on which the controls have been downloaded to visit a site that hosts malware. Users receive the infected Word documents
as email attachments or through maliciously manipulated websites.[/quote:h0ui1w65]
Check out this [url=http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123898&source=rss_topic17:h0ui1w65]Computerworld article[/url:h0ui1w65] for more information.