Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
EVGA GeForce RTX 3070 FTW3 Ultra review
Corsair 5000D PC Chassis Review
NZXT Kraken X63 RGB Review
ASUS Radeon RX 6900 XT STRIX OC LC Review
TerraMaster F5-221 NAS Review
MSI Radeon RX 6800 XT Gaming X TRIO Review
Sapphire Radeon RX 6800 NITRO+ review
Corsair HS70 Bluetooth Headset Review
MSI MEG X570 Unify review
Scythe Ninja 5 air cooler review

New Downloads
3DMark Download v2.16.7117 + Time Spy
Prime95 download version 30.4 build 6
Crystal DiskMark 8.0.1 Download
Corsair Utility Engine Download (iCUE) Download v3.37.140
ReShade download v4.9.1
GeForce 461.09 WHQL driver download
Intel HD graphics Driver Download Version: DCH 27.20.100.9126
HWiNFO Download v6.41–4345 Beta
MSI Afterburner 4.6.3 Beta 4 Download
BaseMark GPU Benchmark v1.2.3 download


New Forum Topics
Equivalent to Control Panel Frame Limiter in Older Drivers? System Requirements for Outriders for PC Announced Core i9-11900K CPU-Z benchmark result leaks? Premium Z590 motherboards to become brutally expensive, one mobo even passes 1500 EUR Review: MSI MEG X570 Unify ASUS ROG-STRIX-LC-RX6800XT-O16G-GAMING Instant crash under load My experience with 4-way Sli thus far AM4 and next gen CPU's compatibility? Radeon Adrenalin Edition 20.12.1 driver download & disccussion Review: Corsair 5000D PC chassis




Guru3D.com » News » Microsoft warns of Office-related malware

Microsoft warns of Office-related malware

by Hilbert Hagedoorn on: 01/04/2011 02:30 AM | source: | 0 comment(s)

Microsoft's Malware Protection Center issued a warning this week that it has spotted malicious code on the Internet that can take advantage of a flaw in Word and infect computers after a user does nothing more than read an e-mail. The flaw was addressed in November in a fix issued on Patch Tuesday, but with malicious code now spotted in the wild, the protection center apparently wants to be sure the update wasn't overlooked.

Last November, Microsoft released security bulletin MS10-087, which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-3333, "RTF Stack Buffer Overflow Vulnerability," which could lead to remote code execution via specially crafted RTF data. A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware.

The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one. The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack.

After executing the code in figure 1.10, the stack memory is overwritten by first part of the shellcode. The challenge for the exploit writer here is to make sure that the shellcode gets control and is executed. In this sample, one of the return addresses was overwritten by another address, which can be found in any known DLL loaded in the memory. That address contains a single piece of code, Jmp ESP, that transfer the control to the stack memory containing our first shellcode.







« Core i5 2500K & Core i7 2600K processor review · Microsoft warns of Office-related malware · Sparkle GeForce GTX 570 V-Go cards »

Related Stories

Microsoft urges companies to dump Windows XP - 09/19/2011 09:09 AM
In an new post on the official Windows blog site, Microsoft's Stephen L Rose stated that there are two big reasons for leaving Windows XP behind. One of them is, of course, the fact that there is a ne...

Microsoft shows off Windows 8 preview - 09/14/2011 09:04 AM
Microsoft presented a developer preview of Windows 8 at its BUILD conference in Los Angeles. The company demonstrates the new Metro user interface, Internet Explorer 10, new touch features and many ot...

Microsoft adds RAW preview support to Windows 7 - 07/28/2011 09:04 AM
After a quick codec pack download, those of you running Windows 7 or Vista should be able to preview RAW files straight from Windows Explorer, without having to use third-party tools like Adobe Bridge...

AMD Bulldozer APU could Power Microsoft's Next Xbox Console - 07/22/2011 09:43 AM
Accriding to a rumor on the web Microsoft's next-generation Xbox gaming console might be powered by an AMD-designed accelerated processing unit that is based on the Bulldozer architecture, according t...

Microsoft reveals 128-bit AES encryption based wireless keyboard - 06/07/2011 08:04 AM
Mircosoft announced the Wireless Desktop 2000, a new wireless keyboard that protects your keystrokes with AES 128-bit encryption. The unit will be available within about a month for roughly $40. The e...



Guru3D.com © 2021