Your browser is obsolete!

The page may not load correctly.

Free trial
Dr.Web for Android

Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Your tickets

Profile

Back to news

Doctor Web examines new exploit for Microsoft Office

April 20, 2017

Doctor Web is warning users about a new vulnerability in Microsoft Office. It allows cybercriminals to download executable files to an attacked computer.

This vulnerability has been detected in Microsoft Word. Cybercriminals have developed an active exploit for this application, and it has been added to the Dr.Web virus database as Exploit.Ole2link.1. It uses XML technology, whereas previously cybercriminals used OLE objects to exploit Microsoft Office.

This exploit is implemented as a Microsoft Word document with the DOCX extension. Once this document is opened, another file called doc.doc is loaded. It contains an embedded HTA script, detected by Dr.Web as PowerShell.DownLoader.72. This HTA script, written using Windows Script syntax, calls the command interpreter PowerShell. PowerShell processes another malicious script that downloads an executable file to the attacked computer.

Currently, cybercriminals use this mechanism to install Trojan.DownLoader24.49614 on the computers of their victims. This Trojan downloads and runs other malicious software on infected machines.

Dr.Web successfully detects and removes files containing Exploit.Ole2link.1, and, therefore, it poses no threat to our users.

More about this exploit

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2017

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040