The US Computer Emergency Readiness Team (US-Cert) said that the exploit is launched when a user opens a specially crafted Word document.
The organisation recommends that users avoid opening any Word document that originates from untrusted sources, or files that arrive unexpectedly from trusted sources.
US-Cert also warned that filtering files by extension name (such as .doc) may not protect users from attack, because Word will open files with the correct file header information regardless of the extension name.
http://uk.news.yahoo...osoft-word.html