An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. Microsoft mentions that they are aware of active exploits against this vulnerability and at the moment there is no patch, just a a workaround. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft advisory…

Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors’ computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.
The compromised websites link to a series of servers that exploit a zero-day vulnerability in an IE component that processes media. The vulnerability affects those using the XP and 2003 versions of Windows, Microsoft warned in advisory 972890.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” company security representatives wrote. “When using Internet Explorer, code execution is remote…