Microsoft engineer Chengyun discusses the default behaviour of ActiveX controls embedded in Office documents. The software giant also provides information on how can an attacker abuse ActiveX and how Office users can change the behavior of the controls. The engineer also provides step-by-step instructions on configuring Office 2007 for users concerned about Safe-for-Initialization ActiveX control being instantiated by Office without prompt. Attackers have discovered ActiveX support in Office applications and have been using it to more effectively lure victims to web-based malware.
Source: https://threatpost.com/microsoft-explains-how-activex-office-abused-attackers-030409/72366/