There are multiple ways an actor could launch an attack leveraging the bug, Microsoft says. An attacker could lure the victim to a website containing the specially crafted file, or they could send the malicious file via email or instant messaging.
Read full news article on SecurityWeek