I noticed this post over on heise security. There is exploit code for this one on milw0rm to boot.
An ActiveX control supplied with Microsoft Office (Office Data Source Control 11, OWC11.DLL) contains an error in the function DeleteRecordSourceIfUnused, which can be exploited to trigger a buffer overflow by means of crafted HTML documents. The buffer overflow occurs if excess data is passed to the HelpPopup method of the DeleteRecordSourceIfUnused() method of the ActiveX control, and can be exploited to run arbitrary code in the context of the calling application, which likely to be Internet Explorer. Failed attempts apparently lead to a crash. A published exploit demonstrates how Internet Explorer 6 crashes when opening this type of document. Visiting a manipulated web page would be sufficient for infection with malware via this vulnerability.
[tags]Office Exploit, milw0rm Exploit, Vulnerability[/tags]