A new remote code execution vulnerability in Microsoft Word has been found. It can be triggered simply by opening a malicious Word file. A successful exploit would allow an attacker to execute arbitrary code in the context of the logged-in user.
Affected products are Microsoft Word 2000 SP3 (Microsoft Office 2000), Microsoft Word 2002 SP3 (Microsoft Office XP), as well as Microsoft Word 2004 for Mac. Microsoft Office 2003 SP2 and above, as well as Microsoft Office 2007, appear to be unaffected.
You can read more about this issue in Microsoft Security Bulletin MS07-060. Microsoft recommends that customers apply the update immediately.
According to SecurityFocus, there are already reports that this vulnerability is being exploited in the wild.