New vulnerability affect M$ systems where is installed IE and Access (or Outlook Express 2000, 98, Outlook 2000, 98)
The problem is exploited by embedding a VBA code within a
Access database file (.mdb) within an Outlook Express email
file or Multipart HTML (mht) file.
If the email file is accessed using Internet Explorer, the
attachment may be automatically executed without triggering
any security alerts.
This may be exploited through email by using an iframe
tag or using Active Scripting to call the malicious file
through an HTML email, allowing Internet Explorer to
automatically access the exploit EML file.
Original article says which Microsoft is working to a patch.

Related links: (article and exploit).