A Critical MS Office Zero-day Remote Code Execution Vulnerability discovered in Microsoft Office that could allow attacker to take complete control of infected Windows Operating System and this vulnerability has been affected with all version of Microsoft Office.
This Zero-day vulnerability discovered in Office Open XML parser where Microsoft Office software fails to properly handle objects in memory.
Using this flow attacker could take full control of victims machine by run arbitrary code in the MS Office installed windows machine.
If the targetted machine running in administrative mode then attackers could take complete control and then install programs; view, change, or delete data; or create new accounts with full user rights.
sadly, this flow has presented in all the Microsoft office version which is running on all the different versions of Microsoft operating system.
Also Read : Hackers Can Steal Your Windows Login Credential Without User Interaction using New Windows OS Flow
Initially, Exploit this MS Office Zero-day vulnerability attack will send the malicious file with an affected version of Microsoft Office into victims.
An attacker can send the malicious exploitation file via mail to the user and convince the user to open the file. In this case, the attacker can’t force the user to open the file so that attacker Some Traditional social engineering method to convincing the user.
An Example Scenario, we have an Exploit RTF document containing a DOCX document that exploits this Zero-day Vulnerability within the Office Open XML parser.
This Exploit itself Contains word/document.xml with valid ‘font’ element in the body of the Exploit.
In this case according to ECMA-376 standard for Office Open XML File Formats valid ‘font’ element describing the fonts used in the document must look like this:
According to Kaspersky researchers, Exploit document failed to Close the tag </w:font> . The opening tag <w:font> is followed by the object element <o:idmap/> which cause ‘type confusion’ in the OOXML parser. Any object element can be used to successfully exploit this vulnerability.
Also attacker will apply the popular heap spraying ( heap spraying is a technique used in exploits to facilitate arbitrary code execution) technique with use of ActiveX components to control memory address.
According to Microsoft, The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory. and assign the CVE-2017-11826 for this MS Office Zero-day vulnerability .
This Flow patched by Microsoft and release the latest Patch update on Tuesday (17 October 2017) along with 62 vulnerabilities Patch.
cb3429e608144909ef25df2605c24ec253b10b6e99cbb6657afa6b92e9f32fb5
Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a disguised…
Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated attack…
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in…
A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo Alto…
Threat Analysts have reported alarming findings about the "Araneida Scanner," a malicious tool allegedly based…
A major dark web operation dedicated to circumventing KYC (Know Your Customer) procedures, which involves…