Expmon, one of several security firms that reported the zero-day exploit, told BleepingComputer the attack method is 100-percent reliable making it very dangerous. Once a user opens the document, it loads malware from a remote source. Expmon tweeted that users should not open any Office documents unless they are from an entirely trusted source.
The file that Expmon discovered was a Word document (.docx), but Microsoft did not indicate that the exploit was limited to Word files. Any document that can call on MSHTML is a potential vector.