Security Advisory 969136 describes the new problem as one that can allow remote code execution if the file recipient opens an infected file. The Microsoft Security Research & Defense blog is rather more useful (not to mention straightforward — yes, they’re seeing it out in the wild, used in targeted attacks), recommending several defensive maneuvers while we await a patch.

Link:
http://www.betanews.com/article/…

Check out these posts too:

  1. Internet Explorer and Firefox Vulnerability Analysis Report
  2. Microsoft Adds Clickjacking Protection to IE8
  3. The WMF Faq – what you need to know about this vulnerability
  4. Fortifying Your Website with PHP
  5. Microsoft Security Bulletin MS08-067 – Critical
  6. New Anti-vuris+ from Microsoft
  7. Followup: Convert Excel and PowerPoint to webpage