Zero-day affects all Windows and Office versions McAfee experts say the vulnerability affects all current Office versions on all Windows operating systems. According to FireEye, 'the original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link.' While the attack uses Word documents, OLE2link objects can also be embedded in other Office suite applications, such as Excel and PowerPoint. The HTA file is executed automatically, launching exploit code to take over the user's machine, closing the weaponized Word file, and displaying a decoy document instead. If the user has disabled Protected View, the exploit executes automatically, making an HTTP request to the attacker's server, from where it downloads an HTA (HTML application) file, disguised as an RTF. If the victim uses when opening files, the exploit is disabled and won't execute. The Word document contains a booby-trapped OLE2link object. Office Protected View stops the attacks Attacks with this zero-day follow a simple scenario, and start with an adversary emailing a victim a Microsoft Word document. McAfee researchers, who disclosed the zero-day's presence, say they've detected attacks leveraging this unpatched vulnerability going back to January this year. Zero Z Server Attack Download Download Average ratng: 9,2/10 7442 votes
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |