DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

Wednesday, 06 March 2019 15:31

Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses

Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.

The manner in which Microsoft Word handles integer overflow errors in the Object Linking and Embedding (OLE) file format has given attackers a way to sneak weaponized Word documents past enterprises sandboxes and other anti-malware controls.

Security vendor Mimecast, which discovered the issue, says its researchers have observed attackers taking advantage of the OLE error in recent months to hide exploits for an old bug in the Equation Editor component of Office that was disclosed and patched in 2017.

In one instance, an attacker dropped a new variant of a remote access backdoor called JACKSBOT on a vulnerable system by "chaining" or combining the Equation Editor exploit with the OLE file format error.