Credit to Author: Pieter Arntz| Date: Mon, 30 May 2022 18:09:26 +0000
Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina.
The post [Updated]Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.
Read moreCredit to Author: Pieter Arntz| Date: Mon, 30 May 2022 18:09:26 +0000
Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina.
The post Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.
Read more
Credit to Author: Gabor Szappanos| Date: Thu, 18 Jul 2019 16:00:18 +0000
Weaponized RTF documents adopt CVE-2018-0798, another Equation Editor vulnerability<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ltjXsAajVFc” height=”1″ width=”1″ alt=””/>
Read more
Credit to Author: Gabor Szappanos| Date: Tue, 11 Sep 2018 16:15:26 +0000
A key piece of the malware ecosystem adopts new vulnerabilities, and scraps old exploits, in record time<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gKMCGkmvrcQ” height=”1″ width=”1″ alt=””/>
Read moreCredit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000
No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro, CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let’s take a look…
Read moreCredit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000
No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let’s take a…
Read moreCredit to Author: Aniruddha Dolas| Date: Wed, 06 Dec 2017 09:27:30 +0000
For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions…
Read moreCredit to Author: Pradeep Kulkarni| Date: Fri, 14 Apr 2017 09:52:28 +0000
The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions According to Microsoft, the following are the affected products…
The post CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.
Read more