Microsoft word

An unpatched bug that abusing Microsoft word Online Video future that allow an attacker to deliver malicious files into the victim’s system.

A bug that existing in the JavaScript code execution within the office-embedded video component leads attackers to execute the malicious code.

This flaw affected Office 2016 and older versions and it will not produce any security warning while victims opening the document.

Researchers built a Proof-of-concept for this attack using youtube video link with word document and demonstrate the infection process.

This flaw allows let an attacker execute the powerful malware or ransomware also they will use the evasion technique to avoid the security software detection.

Read more…