First some background info.
The definition was added recently by daily - 23071, Feb 15, 2017, so that
explains why you are just now seeing it.
It's looking for the following ASCII string in an ASCII Text document:
begin_signature
I am having a lot of thoughts over the detection from the programming packages
under "EntityFramework".
The alert returns: Txt.Exploit.CVE_2017_0007-5839723-0 FOUND
Loads of files (over 100+ per package) were detected as a virus with the ID
above; there was no mention of alerts/scanning