Microsoft Security Bulletin (MS00-049) (Update) - Two vulnerabilities have recently been discovered, one affecting Microsoft Office 2000, and PowerPoint 97, and the other Internet Explorer 4.01 SP2 and higher. The Office HTML Script vulnerability, allows malicious script code on a web page to reference an Excel 2000 or PowerPoint file in such a way as to cause a remotely hosted file to be saved to a visiting user's hard drive. IE Script vulnerability, can allow malicious script code on a web page to reference a remotely hosted Microsoft Access file. The Microsoft Access file can in turn causes a VBA macro code in the file to be executed. Microsoft FAQ on this issue available here.
4c81cb6858d14336d30e08a9672c24d9d344d2da537ae08343ad4c7e70ef2c96