A new Equation Editor exploit goes commercial, as maldoc attacks using it spike