In 2018, Mimecast Research Labs discovered a memory leak vulnerability in Microsoft Office that may have resulted in the unintended leakage of sensitive information in millions of previously-created Office files using ActiveX controls.
While this vulnerability was patched in a January 2019 update by Microsoft, the discovery highlights the need for static file analysis during the inspection process for documents coming in and out of your security environments.
In this technical whitepaper, Meni Farjon of Mimecast Research Labs outlines how the vulnerability was discovered using Targeted Threat Protection technology, as well as ways the vulnerability could have been exploited.