FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened.
Figure 1. When the malicious Word document is opened
What the VBA code does
Once you click the “Enable Content”... [Read More]
by Xiaopeng Zhang  |  Jun 28, 2017  |  Filed in: Security Research
Fortinet has discovered a potential attack surface for Microsoft Office via EXD files. Once a malformed or specifically crafted EXD file is placed in an expected location, it can trigger remote code execution when a document with ActiveX is opened with Office applications.
Type Library (TypeLib) vs Extender Type Library (EXD)
A type library (described as TypeLib by MSDN) is familiar to people who often deal with COM or ActiveX component development, as it is always associated with these components. As quoted from MSDN, TypeLib are binary... [Read More]
by Wayne Chin Yick Low  |  Apr 01, 2016  |  Filed in: Security Research
Tags: office 0day
Microsoft published their monthly advanced notification for critical and important patches, and this month Microsoft will deploy patches that cover Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. Microsoft will make 14 patches available for their customers. The patches will be made available to the general public this Tuesday, September 10.
Bulletin 1: Rated Critical - affects Office and Server software: may allow remote code execution. Patch may require a reboot.
Bulletin 2: Rated Critical - affects Office: may allow... [Read More]
by Richard Henderson  |  Sep 08, 2013  |  Filed in: Industry Trends