An unpatched bug that
malicious files into the victim’s system.A bug that existing in the JavaScript code execution within the office-embedded video component leads attackers to execute the malicious code.
This flaw affected Office 2016 and older versions and it will not produce any security warning while victims opening the document.
Researchers built a Proof-of-concept for this attack using youtube video link with word document and demonstrate the infection process.
This flaw allows let an attacker execute the powerful malware or ransomware also they will use the evasion technique to avoid the security software detection.
Malicious hackers having an embedded video link inside of the Microsoft word document and send to victims via phishing mail that trick users to open it.
Embedded video contains a link that pointed to YOUTUBE and the hidden html
.According to cymulate, This attack is carried out by embedding a video inside a Word document, editing the XML file named document.xml, replacing the video link with a crafted payload created by the attacker which opens Internet Explorer Download Manager with the embedded code execution file.
Embed an online video option within the word document and link any YouTube video and save the document.
Later unpack the word document using unpacker or change the extension as
Word document contains a file called
A researcher from cymulate
Block Word documents containing the tag: “embeddedHtml” in the Document.xml file of the word documents.
Block word documents containing an embedded video.
Patched MS Office RCE Vulnerability Again Abused Windows Installer and Delivering a Keylogger
SmokeLoader Malware Abusing MS Office Document and Compromise Windows 8 ,10 Users PC
Lazarus Hacking Group Delivering RATANKBA Malware & Remote Hacking Tool Via MS Office Documents
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a…
The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department,…
Security researchers Daan Keuper, Thijs Alkemade, and Khaled Nassar from Computest Sector 7 disclosed a…
Researchers observed a recent surge in activity from the "FICORA" and "CAPSAICIN," both variants of…
The watering hole attack leverages a compromised website to deliver malware. When a user visits…
The NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and…