On Monday, July 13, 2009, Microsoft Released a Security Advisory Dis-closing a Previously-Un-Known Vulnerability affecting Office Web Components. The Advisory states that the Issue is being Exploited In-The-Wild.

No Fix is Currently Available for the Issue. A Workaround discussed in the Advisory allows to Mitigate the Issue by Setting the Kill-Bit on the associated C.L.S.I.D.s.

Microsoft Security Advisory (973472):
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/973472.mspx.