Microsoft Office has been in the line of fire throughout the year with malware distributors employing various social engineering techniques to trick users into opening up booby-trapped documents laced with exploits or macros. The vulnerability leverages an improper validation in a parsing module of the Web Services Description Language (WSDL) which leads to arbitrary code injection and execution. As we have seen it many times in previous attacks, mshta.exe is used to retrieve a script and eventually the malware payload. Malwarebytes users were already protected against this exploit when it was still a zero-day.”]
Source: https://blog.malwarebytes.com/threat-analysis/2017/09/psa-new-microsoft-word-0day-used-wild/