Another Microsoft Office vulnerability has surfaced online that threatens most MS Office users. This time, the flaw appears in MS Word that allows potential attackers to bypass all security measures upon exploit. However, the vendors refused to patch this Microsoft Word bug despite knowing about it for long.
Microsoft Word Bug Under Active Exploits
Researchers from Mimecast Research Labs have uncovered active exploits of a Microsoft Word bug. They found that the vulnerability allows attackers to evade all security measures such as anti malware on the target system.
The flaw basically exists in the way of handling Integer Overflow errors by Microsoft Word in OLE file format. Together with another memory corruption vulnerability (CVE-2017-11882) patched earlier, the researchers found hackers actively exploiting the vulnerability to take over systems. The group of hackers allegedly belongs to Serbia. They use specially crafted Microsoft Word documents to exploit the OLE vulnerability, thereby bypassing all security measures.