Office OLE2 RCE via RTF/HTA: Executes PowerShell/VBScript without macros via crafted Word document. Widely exploited in targeted phishing against government and financial institutions. Apply MS17-010 patches. Block .hta file format at email gateway.
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1/RT SP1, 2016, Windows Vista/7/8.1/10, Server 2008/2012/R2 allow remote attackers to execute code via a crafted document (OLE2link object).
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →