IE Exploit Zero Day via Word
Written by Editor on December 17, 2008
It seems the bad guys have been hard at it, trying to come up with creative ways to compromise users' systems running Internet Explorer using the recently discovered Zero Day vulnerability that was initially discovered through the handling of XML.
The latest twist is that specially crafted Word documents are being used as a means to introduce the attack into an environment. It is understood that attackers are supplying Word documents with an embedded ActiveX control identified by CLSID {AE24FDAE-03C6-11D1-8B76-0080C744F389}.
The ActiveX control is used to contact a malicious site and obtain the exploit that executes arbitrary code on the victim’s computer. The beauty of this variation on the attack is that the exploit is downloaded and run without the knowledge of the user, as the document file appears quite normal to the unsuspecting user.
At this stage there is still no fix from Microsoft; however, it seems we will be getting a patch today, Wednesday, at 1pm EST (6pm GMT) via the usual Windows Update sources. There are workarounds listed in Microsoft Advisory 961051. However, this latest twist bypasses the security gained by dropping Internet Explorer in favor of a browser that is not vulnerable, such as Firefox, Google Chrome or Opera. Now users are urged to be wary of Word documents from sources they do not trust.
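One way a mail or file gateway could flag documents that reference the CLSID quoted above is shown below. This is an added example, not code from the article or from Microsoft. It assumes the identifier is stored either as the 16-byte binary GUID in COM layout or as plain text; the function names and sample buffers are constructed for illustration.

```python
import uuid

# CLSID quoted in the article.
CLSID = uuid.UUID("AE24FDAE-03C6-11D1-8B76-0080C744F389")


def clsid_patterns(clsid):
    """Byte encodings in which a CLSID may appear in a file (assumed set)."""
    text = str(clsid)  # lowercase, hyphenated, no braces
    # COM serialises the first three GUID fields little-endian: bytes_le.
    patterns = {"binary GUID (COM layout)": clsid.bytes_le}
    for case, variant in (("lowercase", text), ("uppercase", text.upper())):
        patterns[f"ASCII text ({case})"] = variant.encode("ascii")
        patterns[f"UTF-16LE text ({case})"] = variant.encode("utf-16-le")
    return patterns


def find_clsid(data, clsid=CLSID):
    """Return sorted (offset, encoding) pairs for every occurrence in data."""
    hits = []
    for label, needle in clsid_patterns(clsid).items():
        start = data.find(needle)
        while start != -1:
            hits.append((start, label))
            start = data.find(needle, start + 1)
    return sorted(hits)


def scan_file(path, clsid=CLSID):
    """Scan one file on disk. Compressed or encoded storage is not unpacked."""
    with open(path, "rb") as fh:
        return find_clsid(fh.read(), clsid)


# Constructed sample buffers, not taken from any real document.
SAMPLE_BINARY = b"\xd0\xcf\x11\xe0" + b"\x00" * 12 + CLSID.bytes_le + b"\x00" * 8
SAMPLE_TEXT = b"CLSID:{AE24FDAE-03C6-11D1-8B76-0080C744F389}"
SAMPLE_CLEAN = b"\xd0\xcf\x11\xe0" + b"plain document body " * 4

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        for offset, label in scan_file(path):
            print(f"{path}: CLSID at offset {offset:#x} as {label}")
```

A hit only shows that the document references this control; it should feed quarantine or manual review, not serve as a verdict on its own.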
