The file format specs of content file types such as DOC or PDF are long and complex. Adobe Reader and Microsoft Office use hundreds of lines of code to process even the simplest content file. Hackers try to exploit programming bugs in that code to cause memory corruption issues, resulting in their own attack code being run on the victim machine that opened the document file. These malicious documents are regularly sent as an e-mail attachment to the victim.
Victims usually do not even realize they have been attacked because hackers use smart social engineering tactics to fool the victim into clicking the attachment, exploit the flaw, and then open the original document that matches the content of the e-mail.
This malicious document is sent by a hacker to a victim, maybe using a compromised computer to relay the e-mail to help hide the attacker identity. The e-mail arrives at the victim’s e-mail server and appears in their Inbox, just like any other e-mail message.
If the victim double-clicks the file attached to the inbox, the application registered for the file type launches and starts parsing the file. The hacker uses this malicious document to embed malformed content that will exploit a file-parsing flaw, making the app to corrupt memory on the stack or heap. Successful exploits give control to the attacker’s shellcode that has been loaded from the file into memory.
