Juha-Matti has written a very good overview of the Word zero-day vulnerability.
Q: What is the recent Microsoft Word 0-day vulnerability disclosed in December?
A: This vulnerability is caused by an unknown error when processing malformed Word documents. The issue was disclosed by the vendor. Late on 5th December Microsoft reported about zero-day type attacks using undocumented, previously unknown vulnerability in Microsoft Word products. Microsoft released Security Advisory to provide a notification of a “publicly disclosed vulnerability”.
Link here.
Alex Eckelberry