
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information.

During the last month, McAfee Labs researchers have uncovered targeted attacks carried out via spear phishing email against a French company. We have seen email sent to a large group of individuals in the organization. The attachments exploit the recently patched RTF vulnerability CVE-2014-1761 and the previously patched ActiveX control vulnerability CVE-2012-0158. Both of these vulnerabilities have been popular in several ongoing targeted attacks. The preceding spear phishing emails come from attackers using the French Yahoo and Laposte email services and possibly impersonating employees of the targeted organization.

These exploits target the recently discovered RTF zero-day vulnerability CVE-2014-1761. The flaw lies in the value of the “ListOverrideCount,” which is set to 25. However, according to Microsoft’s RTF specifications this value should be either 1 or 9. This error eventually causes an out-of-bounds array overwrite that results in incorrect handling of the structure by Word and leads to the attacker’s controlling an extended instruction pointer (EIP).
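The “ListOverrideCount” anomaly this article describes can be checked for when triaging RTF attachments. The following Python is an added example, not McAfee's code: the function names and the sample RTF fragments are constructed for illustration, and the allowed set {1, 9} is taken from the article's statement of the specification.

```python
import re

# An RTF control word: backslash, letters, optional signed number, optional one-space delimiter.
CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)? ?")

def list_override_counts(data: bytes):
    """Yield (offset, value) for every listoverridecountN control word in an RTF byte stream."""
    i, n = 0, len(data)
    while i < n:
        if data[i:i + 1] != b"\\":
            i += 1
            continue
        m = CONTROL_WORD.match(data, i)
        if m is None:
            i += 2  # control symbol (escaped brace or backslash, \* or \'hh): skip both bytes
            continue
        word, param = m.group(1), m.group(2)
        i = m.end()
        if word == b"bin" and param is not None and int(param) > 0:
            i += int(param)  # \binN is followed by N raw bytes that must not be tokenized
        elif word == b"listoverridecount" and param is not None:
            yield m.start(), int(param)

def suspicious_overrides(data: bytes, allowed=frozenset({1, 9})):
    """Return the (offset, value) pairs whose value is outside the allowed set.

    The default set is the one the article quotes; widening it (for example
    with 0) is an assumption to validate against your own benign documents.
    """
    return [(off, val) for off, val in list_override_counts(data) if val not in allowed]

# Constructed sample inputs, not taken from any real document.
BENIGN = rb"{\rtf1{\*\listoverridetable{\listoverride\listid1\listoverridecount1{\lfolevel}\ls1}}}"
SUSPECT = rb"{\rtf1{\*\listoverridetable{\listoverride\listid1\listoverridecount25\ls1}}}"
_RAW = rb"\listoverridecount25"  # same bytes, but carried as binary picture data
DECOY = rb"{\rtf1{\pict\bin" + str(len(_RAW)).encode() + b" " + _RAW + b"}}"

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("suspect", SUSPECT), ("decoy", DECOY)):
        hits = suspicious_overrides(doc)
        print(name, "->", hits if hits else "no anomalous ListOverrideCount")
```

A hit is a reason to quarantine and inspect the attachment, not proof of exploitation; heavily obfuscated RTF may need a full parser rather than this tokenizer.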
