The vulnerability was discovered during an actual live attack by anti-virus vendor Symantec. It affects multiple versions of Microsoft Word and can be used in successful code execution attacks against users of Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
It requires user intervention to trigger, so safe users should be alright. Infected documents are spread via email, then if opened, triggers the infection and can result in remote system compromise. You can read a security advisory regarding the issue. There is no current patch, though Microsoft is aware of the problem.