Microsoft’s Malware Protection Center has observed malware in the wild which exploits a recently-patched vulnerability in Microsoft Office. This vulnerability is especially dangerous because it can be exploited, in some configurations, just by reading an e-mail.
The malware comes in the form of a specially-crafted RTF file which exploits CVE-2010-3333, one of the vulnerabilities patched in MS10-087, part of the November Patch Tuesday. CVE-2010-3333 is an RTF Stack Buffer Overflow Vulnerability. RTF data is handled by Microsoft Word and Outlook users can set Word to be their e-mail reader in Outlook. In such a configuration, if a malicious e-mail contains RTF data which exploits the vulnerability, it can trigger simply by reading the e-mail.
The vulnerability can also be triggered by attaching a malicious RTF file to an e-mail and convincing the user to download and open the RTF file. The Microsoft description of this attack, which they designate Exploit:Win32/CVE-2010-3333, implies that it uses a separate file, but is not completely clear on the matter.
The description goes into great detail of how the exploit triggers and executes shell code, but the user experience of the attack is unmentioned. Thus there is nothing specific to look for.
The best advice for users to avoid this attack is to make sure you have successfully installed MS10-087. It’s reasonable to expect that anti-malware products, such as Microsoft’s, contain or will soon contain definitions for specific instances of this attack.
Full story: Security Watch
Related Posts
- Highly Targeted Attacks and the Weakest Links
Here at Trend Micro, we have seen all kinds of cybercrime and digital threats. For the first-ever Cybersecurity Awareness Day in Singapore, one of my colleagues, Richard Sheng, has taken time out to e... - How Sophisticated are Targeted Malware Attacks?
Malware attacks that exploit vulnerabilities in popular software in order to compromise specific target sets are becoming increasingly commonplace. Prior to the highly publicized “Aurora”... - Targeted attacks against recently addressed Microsoft Office vulnerability (CVE-2010-3333/MS10-087)
Last November, Microsoft released security bulletin MS10-087, which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-... - New IE Zero-Day used in Targeted Attacks
Things have been pretty rough in the Response world the past few weeks. The number of exploits taking advantage of unknown and unpatched vulnerabilities has been breathtaking.
read more
View full p... - New IE 0-Day used in Targeted Attacks
Things have been pretty rough in the Response world the past few weeks. The number of exploits taking advantage of unknown and unpatched vulnerabilities has been breathtaking.
One such case started f... - Mozilla warns of unpatched Firefox flaw used in attacks
Mozilla says it will patch a new zero-day flaw now being exploited in Web attacks.
View full post on Computerworld Security News... - Blog: Targeted attacks: businesses under threat
As the subject of targeted attacks remains one of the industry’s most hotly discussed topics, and the waves of such attacks appear to be relentless, our experts, Kostin and Magnus, together with... - Targeted scam threatening DDOS attacks
In a typical 419 scam message, we usually see lottery winning notifications, mentions of next of kin, or fake business offers. Often we observe spammers creating fake stories tying in with disasters o... - Targeted attacks with Excel files
We've previously shown screenshots of document files used in targeted espionage attacks. Most often, those have been PDF files, as they are the most commonly used filetype in such attacks.But ... - Analysis of the New Adobe Flash Attacks
When Adobe warned customers earlier this week about a newly discovered vulnerability in the Flash Player software, company officials said that there were already attacks underway against the bug. Thos...
Posted on 31 December 2010. Tags: Attacks, flaw, RecentlyPatched, Targeted, word
