In this case, the booby-trapped server sends out a compiled HTML file with an embedded program script. “On unpatched systems, the vulnerability is triggered by opening a document that provokes a benign-looking download warning, followed by a download from a booby-trapped server that sends a document of a more dangerous sort. Security experts SophosLabs describe it this way:
In fact, it appears to be something that can affect MacOS X users of Microsoft Word along with Windows users, which is rather unusual. You’re right that there is a brand new exploit in the wild that’s particularly malicious and targets Microsoft Word users.