Arguably one of the most exploited Microsoft Office vulnerabilities of the last decade, CVE-2012-0158’s longevity is one of constant adaptation. Ever since its disclosure in 2012, this vulnerability has been the attack vector of choice for exploitation by attackers who seek to hijack Microsoft Word or Excel and force these programs to execute malicious code.
In fact, according to SophosLabs research, as late as Q4 2015, CVE-2012-0158 was still used by 48% of exploits specifically targeting Office documents.
In this new research paper, Graham Chantry of SophosLabs provides a deep dive into several exploits found in the wild and how they work using CVE-2012-0158.
This paper also investigates why this vulnerability has been so persistent and popular for the past four years, and theorizes about its possible longevity. The good news for most of us is that the number of computers still vulnerable to this attack is dwindling worldwide, especially as Office releases new updates, and more computers are patched and upgraded to defend against this specific vulnerability.
Our researchers dissect all aspects of this vulnerability in this new research paper: how it works, why it’s been so popular, how it’s changed form, who it’s most commonly utilized against and what the future holds for it.
SophosLabs is the global network of threat centers staffed by Sophos researchers and analysts.