Results for ms office

Threat Research

Potential Ichitaro Phishing Vulnerability

The FortiGuard Labs team continually tracks phishing and spam campaigns around the world. Sending users macro-enabled documents with a malicious payload is one of the most commonly used malware attack vectors for phishing campaigns. This attack vector has been used by used by such prevalent malware families as Dridex, Fareit, and Hancitor. The key to these sorts of campaigns is luring users into clicking on a malicious file attached to an email message. As a result, malware distributors are always looking for ways to trick users into executing their...

By Tien Phung PhanOctober 02, 2017

Threat Research

Spear Phishing Fileless Attack with CVE-2017-0199

Introduction CVE-2017-0199 is a remote code execution vulnerability that exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploits this vulnerability can take control of an affected system and then install programs, view, change, or delete data, or create new accounts with full user rights. Microsoft issued a patch for this vulnerability April, and most security vendors have published alarms for it. Unfortunately, attacks targeting this vulnerability are still widely being used...

By Bahare Sabouri and He XuMay 30, 2017

Threat Research

REMCOS: A New RAT In The Wild

Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time. This article demonstrates how this commercialized RAT is being used in an attack, and what its latest version (v1.7.3) is capable of doing. Remcos is currently being sold from $58 to $389, depending on the license period and the maximum number of masters or clients...

By Floser Bacurio and Joie SalvioFebruary 14, 2017

Threat Research

Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet

Summary This month Microsoft patched two vulnerabilities which were discovered and reported by me, one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide in-depth analysis of CVE-2016-0059. The vulnerability exists because Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability...

By Kai LuFebruary 19, 2016

Threat Research

Deep Analysis of CVE-2016-0010 - Microsoft Office RTF File Handling Heap Overflow Vulnerability

Summary On the patch Tuesday of this month, Microsoft patched 3 Office vulnerabilities in MS16-004. The vulnerability CVE-2016-0010 was discovered by myself and Fortinet's threat research team at the FortiGuard Labs. It is a heap overflow vulnerability in Microsoft Office because it fails to parse RTF documents correctly. Successful exploitation of this vulnerability could allow malicious users to create remote code execution scenarios. The underlying problem involves a typical heap overflow caused by a user-supplied value which is copied...

By Kai LuJanuary 20, 2016