A vulnerability has recently been found in Microsoft Office products. This vulnerability, of type "buffer overflow", allows the execution of arbitrary code remotely. For this, the use of social engineering is necessary for the victim to execute the manipulated file that exploits the vulnerability. In addition, this same vulnerability can be used for the development of malware, being already used for the malware known as "Cobalt", which is distributed through emails in the form of "spam".
The vulnerable component is "EQNEDT23.EXE", which is included in Microsoft Office since the 2000 version. Microsoft has already solved the security problem in its latest updates for November.