Results for microsoft word

Threat Research

.Net RAT Malware Being Spread by MS Word Documents

Fortinet’s FortiGuard Labs captured a malicious MS Word document from the wild that contains auto-executable malicious VBA code that can spread and install NanoCore RAT software on a victim’s Windows system.

By Xiaopeng ZhangJanuary 15, 2019

Threat Research

FortiGuard Labs Discovers Multiple Use-After-Free Vulnerabilities in Microsoft Word

During the last few months, FortiGuard Labs discovered and reported multiple use-after-free (UAF) vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January and March security updates, respectively. These patches are rated as critical/important, and as always, we urge users update Microsoft Office as soon as possible.

By Wayne Chin Yick LowMarch 22, 2018

Threat Research

Deep Analysis of New Emotet Variant – Part 2

This is the second part of FortiGuard Labs’ deep analysis of the new Emotet variant. In the first part of the analysis we demonstrated that by bypassing the server-side Anti-Debug or Anti-Analysis technique we could download three or four modules (.dll files) from the C&C server. In that first blog we only analyzed one module (I named it ‘module2’). In this blog, we’ll review how the other modules work. Here we go.

By Xiaopeng ZhangMay 09, 2017

Threat Research

Microsoft Word File Spreads Malware Targeting Both Mac OS X and Windows (Part II)

In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here. For this to work, the attacker’s server must be running Metasploit as the controller to control the...

Threat Research

It's Patch Tuesday - FortiGuard Labs Discloses a Microsoft Word Heap Overflow Vulnerability

Overview Microsoft Office is the most popular productivity suite in the world, first released by the Redmond software giant in 1988. Microsoft releases updates and patches for its software, including Office, on what is now commonly known as Patch Tuesday (the second and sometimes the fourth Tuesday of each month). Today, Patch Tuesday includes not one, not two, but three vulnerabilities discovered by researchers at FortiGuard Labs. The first is a heap overflow vulnerability Microsoft Word 2007. Although it was released eight years ago, Office...

By Kai LuDecember 08, 2015

Threat Research

It's Still Patch Tuesday - FortiGuard Labs Discloses Microsoft Office Word Double Free Vulnerability

Overview From the Yes, You Really Should Upgrade Department, FortiGuard Labs has discovered a third Microsoft Office Vulnerability that is rolled into today's Patch Tuesday updates. For a bit of variety, this is a double free vulnerability in Word 2007 and 2010. The vulnerability occurs when Word fails to validate that a pointer was already released before attempting to release it again, causing conditions that attackers could leverage to achieve remote code execution scenarios. The underlying problem involves an internal structure...

By Kai LuDecember 08, 2015