Document Malware Current Threats
The chart below contains an overview of the most common document format exploits (see PDF Threats for PDF and Flash threats.) Targeted malware attacks, sometimes called "spear phishing" use Microsoft Office documents from Word, Excel and Powerport, RTF, CHM, and PDF.
Scan your documents for malware with Cryptam.
More info on our PDF Examiner for detection and analysis of malicious PDFs.
Current Office Document threatcon High: Reports of a new MS Office .doc zero day part of the Duqu malware threat in the wild. Patched Office and Flash exploits being actively targeted. No reported .docx (Office XML format) vulnerabilities.
| Release | CVE ID | Description | Exploit | Status | Exploitability | Patch | MWTracker Sample |
|---|---|---|---|---|---|---|---|
2011-04-11 | Adobe Flash embedded in Microsoft Word or Excel. Possible author @yuange1975. Reported by Mila Parkour. |
Adobe Flash zeroday. See the Adobe advisory for more information. | patched | Targeted attacks |
2011-04-15 > Flash 10.2.159.1 |
||
2011-03-14 | Adobe Flash embedded in Microsoft Excel (also affects PDF). Possible author @yuange1975. Used in RSA compromise. Reported by Mila Parkour. |
Adobe Flash zeroday, 1-byte fuzzing. See the Adobe advisory for more information. | patched | high |
2011-03-21 > Flash 10.2.152.33 |
||
2010-11-09 | MS Office Word/RTF exploit remote code execution. By Wu Shi of team509. |
Microsoft Office/Word RTF exploit Advisory 2423930 | patched | High |
2010-11-09 MS10-087 |
||
2011-01-04 | Thumbnail exploit in Windows - Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor. By By Moti Joseph and Xu Hao. |
Microsoft Windows thumbnail Advisory 2490606 | patched | Low |
2011-02-08 MS11-006 |
||
2009-11-10 | Microsoft Excel FEATHEADER Record Memory Corruption. By Sean Larsson. |
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution Advisory 972652 | patched | High |
2009-11-10 MS09-067 |
||
2009-06-09 | Microsoft Excel remote exploit. By Bing Liu of Fortinet. |
malformed record object Advisory 969462 | patched | Low |
2009-06-09 MS09-021 |
||
2009-04-02 | Microsoft Powerpoint remote exploit. By Marsu Pilami. |
Microsoft Powerpoint Boundary Condition Error Advisory 969136 | patched | Medium |
2009-05-12 MS09-017 |
||
2008-12-09 | WordPad / Microsoft Word malformed list structure. By unknown. |
malformed list Advisory 960906 | patched | Low |
2009-04-14 MS09-010 |
||
2008-08-12 | Array index vulnerability in Microsoft Office Excel. By VeriSign. |
array index Advisory 954066 | patched | Low |
2008-08-12 MS08-043 |
||
2008-01-15 | Microsoft Excel Macro Validation Vulnerability. By Mike Scott of SAIC and Matt Richard of VeriSign. |
Input Validation Error Advisory 947563 | patched | Low |
2008-03-08 MS08-014 |
||
2007-02-13 | Microsoft Word specially crafted data structure. By McAfee. |
Microsoft Word Advisory 929434 | patched | Low |
2007-02-13 MS07-014 |
||
2006-07-11 | Microsoft Office document parsing vulnerability. |
>Microsoft Office Advisory 917284 | patched | High |
2006-07-11 MS06-038 |
||
2005-05-10 | Microsoft Word Malformed (SmartTag) Object Pointer vulnerability. By Shih-hao Weng. |
malformed object pointer Advisory 919637 | patched | High |
2005-06-13 MS06-027 |
||
1997 | Design Flaw |
Microsoft Compiled HTML Help can contain and run executables. |
.CHM files run from local zone | ongoing | High |
Please contact us for more information.
This page was last updated 2012-02-09 13:55:06