Results for office

Threat Research

Potential Malware Campaign Targeting JustSystems Ichitaro Users

Recently, we came across some interesting samples in jtd format, which is the file format used by JustSystems Ichitaro. The following is a quick primer for readers who are unfamiliar with the Japanese market.

By Minh TranNovember 09, 2017

Threat Research

In-Depth Analysis of A New Variant of .NET Malware AgentTesla

FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened. Figure 1. When the malicious Word document is opened What the VBA code does Once you click the “Enable Content”...

By Xiaopeng ZhangJune 28, 2017

Threat Research

EXD: An attack surface for Microsoft Office

Fortinet has discovered a potential attack surface for Microsoft office via EXD file. After a malformed or specifically crafted EXD file was placed in an expected location, it could trigger a remote code execution when a document with ActiveX is opened with office applications. Type Library (TypeLib) vs Extender Type Library (EXD) A type library (described as TypeLib by MSDN) is not uncommon for people who often deal with COM or ActiveX components development as it always associated with these components. As quoted from MSDN, TypeLib are binary...

By Wayne Chin Yick LowApril 01, 2016

Industry Trends

September's Patch Tuesday - Get Ready!

Microsoft published their monthly advanced notification for critical and important patches, and this month Microsoft will deploy patches that cover Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. Microsoft will make 14 patches available for their customers. The patches will be made available to the general public this Tuesday, September 10. Bulletin 1: Rated Critical - affects Office and Server software: may allow remote code execution. Patch may require a reboot. Bulletin 2: Rated Critical - affects Office: may allow...

By Richard HendersonSeptember 08, 2013