Adobe Flash zero-day exploit... leveraging ActiveX… embedded in Office Doc... BINGO!

Found on The Register on Thursday, 06 December 2018
Browse Software

In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document.

When the target opens the poisoned Doc, the ActiveX plug-in calls up Flash Player to run the attack code.

Obviously not enough people got rid of that bug-riddled piece of malware software called Flash. There isn't any need to install it, and hasn't been for years now.