Security News > 2017 > April > Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit (The Hackers News)
2017-04-13 01:41
Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot. Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/okwtVNZCNXc/microsoft-word-zeroday.html
Related news
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (source)
- Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign (source)
- Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
- Hackers exploit LiteSpeed Cache flaw to create WordPress admins (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-12 | CVE-2017-0199 | Remote Code Execution vulnerability in Microsoft Office OLE Feature Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | 9.3 |