FireEye recently identified a vulnerability – CVE-2017-0199 – that allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document containing an embedded exploit. We worked with Microsoft and published the technical details of this vulnerability as soon as a patch was made available.

https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html?