silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,277
A Microsoft Office vulnerability patched by Microsoft in April, after threat actors had been using it in live attacks, is being abused in a new manner to infect computers with a remote access Trojan, Trend Micro warns.
Tracked as CVE-2017-0199, the originally zero-day remote code execution vulnerability was previously abused in attacks leveraging malicious Rich Text File (RTF) documents, exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the DRIDEX banking Trojan.
In recently observed attacks, however, CVE-2017-0199 is being exploited using a new method where PowerPoint Slide Show is abused for malware delivery. The malicious document is delivered as attachment to a spear-phishing email attachment, and the security researchers suggest that, as part of the attack, a sender address masquerading as that of a business partner is being used.
Read full article: PowerPoint Slide Show Files Used to Install Malware | SecurityWeek.Com
Tracked as CVE-2017-0199, the originally zero-day remote code execution vulnerability was previously abused in attacks leveraging malicious Rich Text File (RTF) documents, exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such as the DRIDEX banking Trojan.
In recently observed attacks, however, CVE-2017-0199 is being exploited using a new method where PowerPoint Slide Show is abused for malware delivery. The malicious document is delivered as attachment to a spear-phishing email attachment, and the security researchers suggest that, as part of the attack, a sender address masquerading as that of a business partner is being used.
Read full article: PowerPoint Slide Show Files Used to Install Malware | SecurityWeek.Com