Poisoned sites or malformed documents seem to be the most likely venues for this type of attack (including ones on file sharing sites). Tracking this with a process monitor, we see the script (or similar launcher) start a command prompt, then Regsvr32, and then a network connection open pointing at the file in question. From there the payload is executed and the fun begins. What makes this more dangerous is that many web filters are failing to catch this as it happens, which means you are putting the security of your network in the hands of your antimalware application. Sadly, far too many of them either miss the malware or do not react quickly enough to stop the infection before it executes.
There are some suggestions to mitigate this vulnerability and they make sense. Regsvr32 should be blocked from making outbound connections using the built-in Windows firewall. You can control a lot of this using Group Policy to make things a little easier. You can also use a third-party application that allows you to control process access as well. Either way, there is certainly a need to keep this process protected from exploit. In the meantime we expect that Microsoft is working on a patch for this, although we are not sure what they can really do to stop it without some fairly large changes. As Smith has put up examples of the attack on GitHub, this one is sure to be in the wild very soon.
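Here is what the firewall mitigation above looks like in practice. This is an added example written for this post, not something from Smith's GitHub repository or from Microsoft; it assumes the standard regsvr32.exe locations under the Windows directory and an elevated PowerShell session on a machine with the NetSecurity module (Windows 8 / Server 2012 and later). The rule name is our own choice.

```powershell
# Block outbound network connections from both copies of regsvr32.exe.
# Registering a local DLL or scriptlet does not need the network, so
# normal use of regsvr32 keeps working; only the remote-fetch path is cut.
$ruleName = 'Block regsvr32 outbound'   # assumed name, pick your own

$targets = @(
    (Join-Path $env:SystemRoot 'System32\regsvr32.exe'),   # 64-bit copy
    (Join-Path $env:SystemRoot 'SysWOW64\regsvr32.exe')    # 32-bit copy
)

foreach ($exe in $targets) {
    if (-not (Test-Path $exe)) { continue }   # SysWOW64 is absent on 32-bit Windows

    # One rule per binary; -Profile Any covers domain, private and public networks.
    New-NetFirewallRule -DisplayName "$ruleName ($exe)" `
                        -Direction Outbound `
                        -Program   $exe `
                        -Action    Block `
                        -Profile   Any `
                        -Enabled   True | Out-Null
}

# Verify: list the rules we created and the program each one is bound to.
Get-NetFirewallRule -DisplayName "$ruleName*" |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Enabled = $_.Enabled
            Action  = $_.Action
            Program = $filter.Program
        }
    } | Format-Table -AutoSize
```

To push the same rules out through Group Policy instead of setting them per machine, New-NetFirewallRule accepts a -PolicyStore parameter that takes a GPO name; the rule definition itself does not change. Note that this only stops regsvr32 from reaching out for the remote scriptlet: a scriptlet that has already been dropped on disk can still be run, so keep watching the cmd-to-regsvr32 process chain described above.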
As always be safe out there.