Usually the common vulnerability is a combination of Outlook and Active Directory. Outlook will happily execute whatever users click upon and AD lets them steal their credentials, to simplify things.