From InformationWeek's Thomas Claburn's story earlier today:
"The vulnerability exists specifically in the Spreadsheet ActiveX Control and could allow an attacker who successfully exploited this vulnerability the same user rights as the local user," the Microsoft advisory states. "We are aware of limited, active attacks attempting to exploit this vulnerability."
Last week, Microsoft issued a Security Advisory about a vulnerability in its Video ActiveX Control.
In related browser security news, security researcher Robert "RSnake" Hansen, CEO of SecTheory, spotted a vulnerability that has taken some of the shine off of the security of Google Chrome. From his blog post on the flaw:
These types of flaws, both Microsoft's browse-and-get-owned and Chrome's viewing source vulnerability are important types of flaws to take note, as more attacks are increasingly setting up malicious Web sites -- as well as infecting legitimate sites -- to which they direct users for exploitation. These trends have been underway for awhile, as we noted in this post, Trusted Web Site? No So Fast.
To follow my mobile security and technology observations, consider following me on Twitter.