This is particularly troubling because Microsoft just patched a vulnerability Tuesday that could allow remote code execution.

The vulnerability is identified as CVE-2012-0183 and affects Microsoft Office 2003 and 2007 for Windows, as well as Microsoft Office 2008 and 2011 for Mac OS.

Considering the attackers' rapid adoption of exploits for CVE-2012-0158, a RTF parsing vulnerability patched by Microsoft in April, it's likely that CVE-2012-0183 will also be targeted soon.

"Within a span of two weeks, CVE-2012-0158 went from zero to actually surpassing CVE-2010-3333 as the preferred exploit of attackers," Flores said. "This just shows that the time window for patching critical vulnerabilities is small, which requires due diligence and discipline on patch management by organizations."

APT attacks that use booby-trapped documents don't only target Windows users. Back in March, researchers from security firm AlienVault, analyzed an APT attack against Tibetan activists that to install Mac malware.