The list of things to worry about with the soon-to-be-patched MS08-078 XML data binding vulnerability is getting longer by the minute. The researchers at McAfee’s AVERT Labs report that they have been seeing exploits using Word documents to download and install malicious ActiveX controls on user machines.
— Word documents being used in new attacks on IE XML flaw — Security Bytes