Be careful – They can hack you through PowerPoint

  • 617
  •  
  •  
  • 1
  •  
  •  
  •  
    618
    Shares

A new malware campaign that is leveraging CVE-2017-0199 vulnerability and making its way into businesses through a malicious PowerPoint email attachment.

Trend Micro security researchers have discovered the campaign, and this is the first time it has been seen to abuse PowerPoint Slide Show in the wild.

The vulnerability allows an attacker to take control of an affected system. An attacker could then install applications, view, change, or delete data; or maybe create new accounts with full user permissions.

According to Trend Micro:
“CVE-2017-0199 was originally a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office to deliver malware. It is commonly exploited via the use of malicious Rich Text File (RTF) documents, a method used by the DRIDEX banking trojan discovered earlier this year.”

The attack starts by receiving an email about shipping information that includes a malicious PowerPoint file in the attachments. When the malicious PowerPoint Show file is opened (executed), it will exploit the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe (A remote control tool enables attackers to control infected systems.) on the targeted system.

“Users should also always patch their systems with the latest security updates. Given that Microsoft already addressed this vulnerability back in April, users with updated patches are safe from these attacks.”

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!