Document Malware Current Threats


The chart below contains an overview of the most common document format exploits (see PDF Threats for PDF and Flash threats). Targeted malware attacks, sometimes called "spear phishing", use Microsoft Office documents from Word, Excel and PowerPoint, as well as RTF, CHM, and PDF files.

Scan your documents for malware with Cryptam.

More info on our PDF Examiner for detection and analysis of malicious PDFs.

Current Office Document threatcon High: Higher than normal levels of document and RTF targeted attacks.

| Release | CVE ID | Description | Exploit | Status | Exploitability | Patch | Cryptam Sample |
|---|---|---|---|---|---|---|---|
| 2014-03-27 | CVE-2014-1761 | MS Office RTF listoverridecount vulnerability. | Used in zero day attacks, very low volume. Advisory 2953095 | patched | Very Low Targeted attacks | 2014-04-08 MS14-017 | cryptam |
| 2013-11-05 | CVE-2013-3906 | MS Office TIFF exploit. | Used in zero day attacks, very low volume. Advisory 2896666 Workaround info | patched | Very Low Targeted attacks | 2013-12-10 MS13-096 | coming soon |
| 2013-06-11 | CVE-2013-1331 | MS Office PNG chunk size parsing stack overflow. | Used in zero day attacks, very low volume since at least 2013-03-04. See the technet article for more information. | patched | Very Low Targeted attacks | 2013-06-11 > kb2817421 | Cryptam report |
| 2013-06-06 | N/A | Exploit for pre MS12-060 patch. | MS Office old-day exploit MSCOMCTL.OCX's toolbar control. See our blog post reporting the new exploit for an old patched Office version. | patched | Medium | 2012-08-14 MS12-060 > Patch KB2687323 | Cryptam report |
| 2013-02-07 | CVE-2013-0634 | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks - memory corruption. See the Adobe advisory for more information. | patched | Low Targeted attacks | 2013-02-07 > Flash 11.5.502.146 | Cryptam report |
| 2013-02-07 | CVE-2013-0633 | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks - buffer overflow. See the Adobe advisory for more information. | patched | Low Targeted attacks | 2013-02-07 > Flash 11.5.502.146 | not yet public |
| 2012-09-28 | CVE-2012-5054 | Flash in Office zero day. | Flash exploit Matrix3D integer overflow. "Silent patch" for July.swf issue. See the Adobe advisory for more information. | patched | Very limited targeted | 2012-09-28 > Flash 11.3.300.271 | Cryptam report |
| 2012-08-14 | CVE-2012-1856 | Microsoft Office zero day. | MS Office zero day MSCOMCTL.OCX's TabStrip control. See the technet blog post for more information. | patched | Very limited targeted | 2012-08-14 MS12-060 > Patch KB2687323 | Cryptam report |
| 2012-08-14 | CVE-2012-1535 | Adobe Flash in Microsoft Office document. | Adobe Flash zeroday attacks. See the Adobe advisory for more information. | patched | Targeted attacks | 2012-08-14 > Flash 11.3.300.270 | Cryptam report |
| 2012-05-04 | CVE-2012-0779 | Adobe Flash remote download in Microsoft Office document. | Adobe Flash zeroday attacks since late April 2012. See the Adobe advisory for more information. | patched | Moderate | 2012-05-04 > Flash 11.2.202.233 | Cryptam report |
| 2012-04-10 | CVE-2012-0158 | Microsoft Office Windows Common Controls zero day. | MS Office. See the Microsoft advisory MS12-027 for more information. | patched | Heavy Attacks | 2012-04-10 > Patch KB2597112 | Cryptam report |
| 2012-02-15 | CVE-2012-0754 | Adobe Flash+MP4 embedded in Microsoft Office document. First sample reported by Mila Parkour. | Adobe Flash zeroday. See the Adobe advisory for more information. | patched | Targeted attacks | 2012-02-15 > Flash 11.1.102.55 | Cryptam report |
| 2011-04-12 | CVE-2011-0097 | Integer underflow in Excel | Microsoft Excel exploit. See the Microsoft advisory MS11-021 for more information. | patched | Targeted attacks | 2011-04-12 > Patched | n/a report one |
| 2011-04-11 | CVE-2011-0611 | Adobe Flash embedded in Microsoft Word or Excel. Possible author @yuange1975. Reported by Mila Parkour. | Adobe Flash zeroday. See the Adobe advisory for more information. | patched | Targeted attacks | 2011-04-15 > Flash 10.2.159.1 | n/a report one |
| 2011-03-14 | CVE-2011-0609 | Adobe Flash embedded in Microsoft Excel (also affects PDF). Possible author @yuange1975. Used in RSA compromise. Reported by Mila Parkour. | Adobe Flash zeroday, 1-byte fuzzing. See the Adobe advisory for more information. | patched | high | 2011-03-21 > Flash 10.2.152.33 | n/a report one |
| 2010-11-09 | CVE-2010-3333 | MS Office Word/RTF exploit remote code execution. By Wu Shi of team509. | Microsoft Office/Word RTF exploit Advisory 2423930 | patched | High | 2010-11-09 MS10-087 | n/a report one |
| 2011-01-04 | CVE-2010-3970 | Thumbnail exploit in Windows - Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor. By Moti Joseph and Xu Hao. | Microsoft Windows thumbnail Advisory 2490606 | patched | Low | 2011-02-08 MS11-006 | n/a report one |
| 2009-11-10 | CVE-2009-3129 | Microsoft Excel FEATHEADER Record Memory Corruption. By Sean Larsson. | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution Advisory 972652 | patched | High | 2009-11-10 MS09-067 | n/a report one |
| 2009-06-09 | CVE-2009-0563 | Microsoft Word Buffer Overflow Vulnerability zero day. Reported by Wushi of team509 | MS Office. See the Microsoft advisory MS09-027 for more information. | patched | Targeted attacks | 2009-06-09 > Patched | Cryptam report [Mac Malware] |
| 2009-06-09 | CVE-2009-0557 | Microsoft Excel remote exploit. By Bing Liu of Fortinet. | malformed record object Advisory 969462 | patched | Low | 2009-06-09 MS09-021 | n/a report one |
| 2009-04-02 | CVE-2009-0556 | Microsoft PowerPoint remote exploit. By Marsu Pilami. | Microsoft PowerPoint Boundary Condition Error Advisory 969136 | patched | Medium | 2009-05-12 MS09-017 | n/a report one |
| 2008-12-09 | CVE-2008-4841 | WordPad / Microsoft Word malformed list structure. By unknown. | malformed list Advisory 960906 | patched | Low | 2009-04-14 MS09-010 | n/a report one |
| 2008-08-12 | CVE-2008-3005 | Array index vulnerability in Microsoft Office Excel. By VeriSign. | array index Advisory 954066 | patched | Low | 2008-08-12 MS08-043 | n/a report one |
| 2008-01-15 | CVE-2008-0081 | Microsoft Excel Macro Validation Vulnerability. By Mike Scott of SAIC and Matt Richard of VeriSign. | Input Validation Error Advisory 947563 | patched | Low | 2008-03-08 MS08-014 | n/a report one |
| 2007-02-13 | CVE-2006-6456 | Microsoft Word specially crafted data structure. By McAfee. | Microsoft Word Advisory 929434 | patched | Low | 2007-02-13 MS07-014 | n/a report one |
| 2006-07-11 | CVE-2006-2389 | Microsoft Office document parsing vulnerability. | Microsoft Office Advisory 917284 | patched | High | 2006-07-11 MS06-038 | n/a report one |
| 2005-05-10 | CVE-2006-2492 | Microsoft Word Malformed (SmartTag) Object Pointer vulnerability. By Shih-hao Weng. | malformed object pointer Advisory 919637 | patched | High | 2005-06-13 MS06-027 | n/a report one |
| 1997 | Design Flaw | Microsoft Compiled HTML Help can contain and run executables. | .CHM files run from local zone | ongoing | High | | n/a report one |



Please contact us for more information.

This page was last updated 2014-08-14 04:24:46