263 matches found
LittleCorporal - A C# Automated Maldoc Generator
LittleCorporal: A C Automated Maldoc Generator C:\LittleCorporal\bin\ReleaseLittleCorporal.exe C:\beacon.bin explorer.exe . . . . | | ||/ |/ || | \ \ | | | | | \ \ \ | / / \ / / \ \ \ / \ \ \ | | | || || | | | | |\ /\ \ | / | | // | | | ||| || |/\ \ //|| | / /|| // / / / || / / \ / o\ /...
Exploit for Path Traversal in Microsoft
This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...
CVE-2021-25830
A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...
Lazarus Targets Defense Companies with ThreatNeedle Malware
The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed. The elaborate and ongoing cyberespionage campaign used emails with COVID-19...
Tax Season Ushers in Quickbooks Data-Theft Spike
Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. Attackers use email to deliver the malware, which the ThreatLocker’s CEO Danny Jenkins told Threatpost is a simple, 15-line pie...
Emotet Emails Strike Thousands of DNC Volunteers
On Thursday, hundreds of U.S. organizations were targeted by an Emotet spear-phishing campaign, which sent thousands of emails purporting to be from the Democratic National Committee and recruiting potential Democratic volunteers. Emotet has historically utilized a variety of lure themes leveragi...
Kingsoft WPS Office Remote Heap Corruption Vulnerability
WPS Office is an office software released by Kingsoft Corporation Kingsoft, which can be applied to the most commonly used functions of office software, such as text editing, spreadsheets and presentations. A remote heap corruption vulnerability exists in Kingsoft WPS Office versions prior to...
CVE-2020-25291
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...
Cross site request forgery (csrf)
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...
CVE-2020-25291
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x...
The vulnerability of the OpenOffice.org component of the Office software suite LibreOffice, related to the operation of exceeding the allowed data buffer limits, allows a hacker to trigger a service failure.
The vulnerability of the OpenOffice.org component of the LibreOffice office software package is related to the operation of functions that exceed acceptable data buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service failures through the use of a specially...
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans RAT capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word...
Ascensio System ONLYOFFICE Document Server Input Validation Error Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. An input validation error vulnerability exists in Ascensio System ONLYOFFICE Document...
Hackers are using Word documents to drop NetSupport Manager RAT
By Sudais Asif Before dropping NetSupport Manager RAT, attackers trick users into opening a malicious MS Word document by entering a password. This is a post from HackRead.com Read the original post: Hackers are using Word documents to drop NetSupport Manager RAT...
Uploading a malformed Word document and requesting it repeatedly renders Confluence unavailable.
h3. Issue Summary From the researcher: There is a Denial of Service issue in the "Import Word Document" functionality of Confluence Server. When importing a specially crafted word or openoffice document see attached Confluence will throw an java.lang.OutOfMemoryError:. Background: A Word document...
New version of IcedID Trojan uses steganographic payloads
This blog post was authored by @hasherezade, with contributions from @siriurz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strik...
CVE-2018-3983
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this...
CVE-2018-3983
Summary: CVE-2018-3983 affects Atlantis Word Processor’s Word Document parser. An exploitable uninitialized pointer in the parsing pipeline can occur when handling the WordDocument structure (notably involving TTableRow/TField lists). A crafted .doc can cause an array fetch to return an uninitial...
CVE-2018-3983
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this...
TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!
In analyzing the stream of raw emails seen in the wild, TAU discovered a campaign of what first appeared to be a fairly standard spear-phishing attack. The email contained a Word document which carried an exploit for CVE-2017-11882, a vulnerability that allows for Microsoft Office documents to ru...