[prof_mm]

A Word document? Are you kidding me? Would a truly cyber-security conscious (i.e.: slightly paranoid) citizen download and open that, from the open internet, with a nation-state actor behind it?

[vuln]

Anyone worth their grain of salt would download and analyze in a vm before executing on their own personal machine... I know I would. Didier Stevens[0] has a ton of tools for static analysis of these file types.

[0] https://blog.didierstevens.com/

[yorwba]

It's docx. You can just unzip it to get a horribly XML but plaintext representation of the document.

[pearjuice]

Which format would you have preferred?

[rejschaap]

Plaintext would have sufficed

[ddalex]

how can you inject an exploit from a plaintext file?

[oneplane]

Didn't someone do that with notepad.exe recently? The demo spawned calc.exe from notepad.exe.