A vulnerability in Microsoft Word 2010 can allow Remote Code Execution if a user opens a malicious RTF file or previews / opens a malicious RTF email message in Microsoft Outlook while utilizing Microsoft Word as the email viewer (default for Outlook 2007, 2010 and 2013). X-Force is aware of this vulnerability being exploited in targeted attacks. A common attack vector to exploit such vulnerabilities is to send spear-phishing emails with a malicious document attached that lures the receiver to view the document thereby making them think it is from a trusted correspondent and in regards to something that is urgent or of high interest.