“The Word bug that just won’t die”: CVE-2012-0158, the cybercrime gift that keeps on taking…

vawtrak-bankArguably one of the most exploited Microsoft Office vulnerabilities of the last decade, CVE-2012-0158’s longevity is one of constant adaptation. Ever since its disclosure in 2012, this vulnerability has been the attack vector of choice for exploitation by attackers who seek to hijack Microsoft Word or Excel and force these programs to execute malicious code.

In fact, according to SophosLabs research, as late as Q4 2015, CVE-2012-0158 was still used by 48% of exploits specifically targeting Office documents.

In this new research paper, Graham Chantry of SophosLabs provides a deep dive into several exploits found in the wild and how they work using CVE-2012-0158.

This paper also investigates why this vulnerability has been so persistent and popular for the past four years, and theorizes about its possible longevity. The good news for most of us is that the number of computers still vulnerable to this attack is dwindling worldwide, especially as Office releases new updates, and more computers are patched and upgraded to defend against this specific vulnerability.

Our researchers dissect all aspects of this vulnerability in this new research paper: how it works, why it’s been so popular, how it’s changed form, who it’s most commonly utilized against and what the future holds for it.

You can download the paper, as well as all our other SophosLabs research, on our technical papers page.

About SophosLabs

SophosLabs is the global network of threat centers staffed by Sophos researchers and analysts.

You can find our industry-leading research and technical papers, expert opinion, and security advice at Naked Security and right here on the Sophos Blog.

Sign up for our Sophos Blog newsletter, follow us on your favorite social media networks, chat with us in our forums, download our informative podcasts, or sign up for our RSS feeds.

Leave a Reply

Your email address will not be published. Required fields are marked *