Document Malware Current Threats
The chart below contains an overview of the most common document format exploits (see PDF Threats for PDF and Flash threats). Targeted malware attacks, sometimes called "spear phishing", use Microsoft Office documents from Word, Excel and PowerPoint, as well as RTF, CHM, and PDF files.
Scan your documents for malware with Cryptam.
More info on our PDF Examiner for detection and analysis of malicious PDFs.

Current Office Document threatcon High: Higher than normal levels of document and RTF targeted attacks - CVE-2012-0158, patched new exploits CVE-2013-0633/CVE-2013-0634. Mac APT attacks using CVE-2009-0563 .doc file.
| Release | CVE ID | Description | Exploit | Status | Exploitability | Patch | Cryptam Sample |
|---|---|---|---|---|---|---|---|
| 2013-02-07 | | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks - memory corruption. See the Adobe advisory for more information. | patched | Low Targeted attacks | 2013-02-07 > Flash 11.5.502.146 | |
| 2013-02-07 | | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks - buffer overflow. See the Adobe advisory for more information. | patched | Low Targeted attacks | 2013-02-07 > Flash 11.5.502.146 | not yet public |
| 2012-09-28 | | Flash in Office zero day. | Flash exploit Matrix3D integer overflow. "Silent patch" for July.swf issue. See the Adobe advisory for more information. | patched | Very limited targeted | 2012-09-28 > Flash 11.3.300.271 | |
| 2012-08-14 | | Microsoft Office zero day. | MS Office zero day in MSCOMCTL.OCX's TabStrip control. See the TechNet blog post for more information. | patched | Very limited targeted | 2012-08-14 MS12-060 > Patch KB2687323 | |
| 2012-08-14 | | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks. See the Adobe advisory for more information. | patched | Targeted attacks | 2012-08-14 > Flash 11.3.300.270 | |
| 2012-05-04 | | Adobe Flash remote download in Microsoft Office document. | Adobe Flash zeroday attacks since late April 2012. See the Adobe advisory for more information. | patched | Moderate | 2012-05-04 > Flash 11.2.202.233 | |
| 2012-04-10 | | Microsoft Office Windows Common Controls zero day. | MS Office. See the Microsoft advisory MS12-027 for more information. | patched | Heavy Attacks | 2012-04-10 > Patch KB2597112 | |
| 2012-02-15 | | Adobe Flash+MP4 embedded in Microsoft Office document. First sample reported by Mila Parkour. | Adobe Flash zeroday. See the Adobe advisory for more information. | patched | Targeted attacks | 2012-02-15 > Flash 11.1.102.55 | |
| 2011-04-12 | | Integer underflow in Excel. | Microsoft Excel exploit. See the Microsoft advisory MS11-021 for more information. | patched | Targeted attacks | 2011-04-12 > Patched | |
| 2011-04-11 | | Adobe Flash embedded in Microsoft Word or Excel. Possible author @yuange1975. Reported by Mila Parkour. | Adobe Flash zeroday. See the Adobe advisory for more information. | patched | Targeted attacks | 2011-04-15 > Flash 10.2.159.1 | |
| 2011-03-14 | | Adobe Flash embedded in Microsoft Excel (also affects PDF). Possible author @yuange1975. Used in RSA compromise. Reported by Mila Parkour. | Adobe Flash zeroday, 1-byte fuzzing. See the Adobe advisory for more information. | patched | High | 2011-03-21 > Flash 10.2.152.33 | |
| 2010-11-09 | | MS Office Word/RTF exploit remote code execution. By Wu Shi of team509. | Microsoft Office/Word RTF exploit Advisory 2423930 | patched | High | 2010-11-09 MS10-087 | |
| 2011-01-04 | | Thumbnail exploit in Windows - Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor. By Moti Joseph and Xu Hao. | Microsoft Windows thumbnail Advisory 2490606 | patched | Low | 2011-02-08 MS11-006 | |
| 2009-11-10 | | Microsoft Excel FEATHEADER Record Memory Corruption. By Sean Larsson. | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution Advisory 972652 | patched | High | 2009-11-10 MS09-067 | |
| 2009-06-09 | | Microsoft Word Buffer Overflow Vulnerability zero day. Reported by Wushi of team509. | MS Office. See the Microsoft advisory MS09-027 for more information. | patched | Targeted attacks | 2009-06-09 > Patched | |
| 2009-06-09 | | Microsoft Excel remote exploit. By Bing Liu of Fortinet. | malformed record object Advisory 969462 | patched | Low | 2009-06-09 MS09-021 | |
| 2009-04-02 | | Microsoft PowerPoint remote exploit. By Marsu Pilami. | Microsoft PowerPoint Boundary Condition Error Advisory 969136 | patched | Medium | 2009-05-12 MS09-017 | |
| 2008-12-09 | | WordPad / Microsoft Word malformed list structure. By unknown. | malformed list Advisory 960906 | patched | Low | 2009-04-14 MS09-010 | |
| 2008-08-12 | | Array index vulnerability in Microsoft Office Excel. By VeriSign. | array index Advisory 954066 | patched | Low | 2008-08-12 MS08-043 | |
| 2008-01-15 | | Microsoft Excel Macro Validation Vulnerability. By Mike Scott of SAIC and Matt Richard of VeriSign. | Input Validation Error Advisory 947563 | patched | Low | 2008-03-08 MS08-014 | |
| 2007-02-13 | | Microsoft Word specially crafted data structure. By McAfee. | Microsoft Word Advisory 929434 | patched | Low | 2007-02-13 MS07-014 | |
| 2006-07-11 | | Microsoft Office document parsing vulnerability. | Microsoft Office Advisory 917284 | patched | High | 2006-07-11 MS06-038 | |
| 2005-05-10 | | Microsoft Word Malformed (SmartTag) Object Pointer vulnerability. By Shih-hao Weng. | malformed object pointer Advisory 919637 | patched | High | 2005-06-13 MS06-027 | |
| 1997 | Design Flaw | Microsoft Compiled HTML Help can contain and run executables. | .CHM files run from local zone | ongoing | High | | |

Please contact us for more information.
This page was last updated 2013-04-12 02:19:55