It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.
46d45bad78cc0769fb766cd7589210d99767133fd5d226273173fe717d826a5e