263 matches found
DEBIAN-CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...
Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns
A Microsoft Word document .doc believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit TAU. The submitting organization did not feel that that document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...
Microsoft Office DDE Payload Delivery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office DDE Payload Delivery', 'Description' = %q This module generates an DDE command to place within a word document, that when...
Recam Redux - DeConfusing ConfuserEx
This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...
Apache OpenOffice DOC File Parsing Remote Code Execution Vulnerability
Apache OpenOffice is open and free word processing software. The OpenOffice Writer DOC file parser and WW8Fonts constructor handles DOC file vulnerabilities, allowing remote attackers to exploit the vulnerability by submitting a special file and tricking the user into parsing it, which can crash...
Oracle OIT ContentAccess libvs_word+63AC Code Execution Vulnerability(CVE-2016-3592)
Description Partially controlled memory write vulnerability exists in Mac Word file format parsing code of Oracle Outside In Technology Content Access SDK. An unchecked pointer arithmetic leads to an out of bounds memory overwrite resulting in code execution. Tested Versions Oracle Outside In...
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being used by...
Threat Analysis: Word Documents with Embedded Macros Leveraging Emotet Trojan
Many customers have recently asked how Carbon Black's solutions detect macros and droppers specifically referencing Emotet dropper files. Customers often say that macros and droppers are an ongoing problem in their environments. They are also seen day-to-day by most practitioners. The analysis...
Phishery - An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document. The power of phishery is best demonstrated by setting a Word document's template to a...
Modified Zyklon and plugins from India
IntroductionStreams of malicious emails Talos inspects every day usually consist of active spamming campaigns for various ransomware families, phishing campaigns and the common malware family suspects such as banking Trojans and bots.. It is however often more interesting to analyze campaigns...
Office discovered zero vulnerabilities hackers can use the Word document to install malicious software-vulnerability warning-the black bar safety net
According to foreign media reports, recently a period of time, you when opening a Word document may have to be careful because the security company MCAfee researchers in Microsoft Office software found in a zero vulnerabilities, hackers can use it quietly in your computer system to install...
Latest Tax Scams Include Phishing Lures, Malware
Microsoft warned Monday this year’s crop of tax scams are using social engineering attacks based on fear to spread Zdowbot and Omaneat banking Trojans and collect personal info via spoofed tax sites linked to from phishing campaigns. The warning comes with less than a month before the April 18 ta...
SSL Enabled Basic Auth Credential Harvester: phishery
An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector Phishery is a Simple SSL Enabled HTTP server with the primary purpose of phishing credentials via Basic Authentication. Phishery also provides the ability easily to inject the URL into a .docx Word document...
Malware Evades Detection with Novel Technique
Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...
Microsoft Office Memory Corruption (MS16-099: CVE-2016-3316)
A memory corruption vulnerability has been reported in Microsoft Word. The application fails to properly handle certain objects in memory when parsing specially crafted files with a large sprmSDyaTop value. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to op...
Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0160 Oracle OIT ImageExport libvsbmp BMP BIRLE8 Width Code Execution Vulnerability July 19, 2016 Description A vulnerability in libvseshr can lead to remote code execution while parsing a specially crafted Word document containing a reference to Escher drawin...
Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection
Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...
The vulnerability of the Oracle Fusion Middleware software platform, which allows a perpetrator to trigger a service failure
The vulnerability of the Oracle Outside In Technology component of the Oracle Fusion Middleware software is caused by buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to cause a service failure using a specially created DOC file...
Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20151214)
It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. CVE-2015-4551 An integer underflow flaw leading to a...
Microsoft Office 2007 OneTableDocumentStream Invalid Object Exploit
Microsoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability. Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1 The following access violation was observed in Microsoft Office 2007 Word document: 8c0.e68: Access violation - code...