My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

Doctor Web examines new exploit for Microsoft Office

April 20, 2017

Doctor Web is warning users about a new vulnerability in Microsoft Office. It allows cybercriminals to download executable files to an attacked computer.

This vulnerability has been detected in Microsoft Word. Cybercriminals have developed an active exploit for this application, and it has been added to the Dr.Web virus database as Exploit.Ole2link.1. It uses XML technology, whereas previously cybercriminals used OLE objects to exploit Microsoft Office.

This exploit is implemented as a Microsoft Word document with the DOCX extension. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.

Currently, cybercriminals use this mechanism to install Trojan.DownLoader24.49614 on the computers of their victims. This Trojan downloads and runs other malicious software on infected machines.

Dr.Web successfully detects and removes files containing Exploit.Ole2link.1, and, therefore, it poses no threat to our users.

More about this exploit

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments