
Criminals are using the Windows Object Linking Interface in PowerPoint to install malware

posted on August 16, 2017
by l33tdawg

Cyber criminals are using Microsoft PowerPoint to install malware. The Windows Object Linking and Embedding (OLE) interface is the technology that allows part of a document to be exported and edited with a different application than the original. According to a report from Trend Micro (via Neowin), attackers are exploiting this interface through PowerPoint slideshows.

These PowerPoint slideshows arrive by email, and in the more recent cases, Neowin mentions that they come as attachments labeled as shipping details. On closer inspection, the PPSX file from PowerPoint is just a playback of the slideshow, and opening it displays ‘CVE-2017-8570’.

But what’s happening behind the scenes is the problem. The CVE-2017-0199 Remote Code Execution vulnerability is exploited to run a process that downloads ‘logo.doc’ to the user’s computer. That document then runs a command to download ‘RATMAN.exe’, which can make a connection to a Command and Control server.
