New Microsoft Office Zero-Day Exploit
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme
ms-msdt:
which invokes themsdt
diagnostic tool, what is capable of executing arbitrary code (specified in parameters).The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros). New Microsoft Office Zero-Day Exploit