MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme
ms-msdt:
which invokes themsdt
diagnostic tool, what is capable of executing arbitrary code (specified in parameters).The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros). New Microsoft Office Zero-Day Exploit
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer