GFI has recently discovered a security flaw within Internet Explorer which allows a malicious user to run arbitary code on a target machine as it attempts to view a website or an HTML email. The problem is exploited by embedding a VBA code within a Access database file (.mdb) within an Outlook Express email file or Multipart HTML (mht) file.

Link for this Proof of concept Exploit is here.