Our site was hacked but only the VBA. Is there a know exploit for VBA?

Anyone else heard of this? I can access all the other parts except main page.

We are running latest VBA.

Thanks