The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings...

http://www.darkreading.com/document.asp?doc_id=159305