Microsoft yesterday announced a new vulnerability in Word where specially crafted RTF files could cause your computer to execute commands without your permission. Microsoft Security Advisory (2953095) explains how attackers are currently using this vulnerability to execute commands on computers that open these types of RTF documents. This vulnerability also exists in Outlook if it is configured to use Word as its email viewer.
The advisory states:
Quote
Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
At this point there is no patch available, but Microsoft has released a Fixit that can be used to disable the opening of RTF content in Word. This fixit should be used by all users of Word until an official patch is released.