Booby-Trapped Word Documents Exploit Critical Microsoft 0-Day

Megalith

Not that any of you are stupid enough to open an attachment without looking over the e-mail first, but there is a new exploit going around that targets Microsoft Word. This one is supposedly special because it doesn’t involve macros and even opens a decoy document to dupe the user into thinking nothing happened. Naturally, the exploit allows for full code execution on the victim's machine.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that's disguised to look like a document created in Microsoft's Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from "different well-known malware families."
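A defender-side triage check for the disguise described above (an HTML application served as if it were an RTF document). This is an added example, not code from the original post or from FireEye; the function name, marker list and sample bytes are assumptions constructed for illustration.

```python
import re

RTF_MAGIC = b"{\\rtf"  # every genuine RTF file starts with this

# Content that belongs in an HTML Application, not in an RTF document.
# Heuristic only: RTF with encapsulated HTML (e.g. mail bodies) can also match.
HTA_MARKERS = {
    "hta_tag": re.compile(rb"<\s*hta:application", re.I),
    "script_tag": re.compile(rb"<\s*script\b", re.I),
}


def triage_rtf_download(data: bytes, declared_name: str) -> dict:
    """Flag a file that claims to be RTF but carries HTA/script content."""
    claims_rtf = declared_name.lower().endswith(".rtf")
    has_header = data.lstrip()[:5].lower() == RTF_MAGIC
    markers = sorted(n for n, rx in HTA_MARKERS.items() if rx.search(data))

    if (claims_rtf or has_header) and markers:
        verdict = "suspicious"   # RTF on the outside, HTA on the inside
    elif claims_rtf and not has_header:
        verdict = "mismatch"     # extension says RTF, content does not
    else:
        verdict = "clean"
    return {"rtf_header": has_header, "markers": markers, "verdict": verdict}


# Constructed samples (inert, for the check only).
DISGUISED = (b"{\\rtf1\\ansi constructed sample}\n"
             b"<html><head><hta:application id=\"x\"></head>"
             b"<script language=\"VBScript\">' placeholder, no logic\n"
             b"</script></html>")
PLAIN_RTF = b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Arial;}}\\f0 Quarterly report}"
HTML_ONLY = b"<html><script>/* placeholder */</script></html>"

if __name__ == "__main__":
    for name, blob in [("disguised.rtf", DISGUISED),
                       ("report.rtf", PLAIN_RTF),
                       ("page.rtf", HTML_ONLY)]:
        print(name, triage_rtf_download(blob, name))
```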
 
TFA didn't say, but I wonder if the exploit is specific to MS Word/Office? Is the document reader in LibreOffice or other packages close enough to allow the attack to activate?
 
My mind was in the gutter when I read the headline. How does this work without macros??
 
> TFA didn't say, but I wonder if the exploit is specific to MS Word/Office? Is the document reader in LibreOffice or other packages close enough to allow the attack to activate?

Yea, I wonder that also. Been reading several articles about this and still not sure if it only affects files opened under Microsoft suites or via Google docs, Libre, etc.
 
When I clicked the article, the only thing that came to mind was WTH is up with all those damn toolbars in the top pic. Is there any room left to see the doc??

EDIT: As to how it works, the article does state it:

>The root cause of the zeroday vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office.
 