How to exploit:

https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/

http://www.biblioscape.com/rtf15\_spec.htm

https://enigma0x3.net/2016/03/15/phishing-with-empire/

Analysis:

https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/

How to fix:

https://support.microsoft.com/en-us/help/3178710/description-of-the-security-update-for-office-2013-april-11-2017