The ISC is highlighting these zero-day attacks with a rare "Yellow Status" condition for 24 hours, as more active in-the-wild use may be occurring. AV protection is emerging, and users should be careful when accessing unusual websites presented to them in searches, email, IM, or other sources until this is patched.
QUOTE: Attack vectors used to exploit this vulnerability
1. The now-known public attempts to exploit the vulnerability; attackers just modify the code with a fresh download and payload to slightly modified malware.
2. A .cn domain using a heavily obfuscated version of the exploit, which may become an attack kit (think MPACK) and is similar to recent DirectShow attacks.
3. A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty: it was specifically crafted for the target, with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach the server.