McAfee [MFE] has discovered the first known zero-day exploit of Microsoft [MSFT] Office’s .docx file format, the company said this week in a
McAfee began working with Microsoft in November 2013 after spotting the exploit being used in the Middle East and Asia to steal sensitive data. The malware, which exploits CVE-2013-3906, locates and exfiltrates specific file types once it enters a user’s environment. The attacks targeted high-level institutions, including the Pakistani military, McAfee said. The company has since recorded 500 samples of the malware covering 60 unique variants.
The zero-day vulnerability was not known to the software’s developers before the attacks took place. Microsoft released a patch for the vulnerability in December. McAfee has also updated its products accordingly.
First introduced in Microsoft Office 2007, the .docx (Open XML) format has generally been considered safe.
“This element of surprise could be the major reason no one had detected the threat: Because .docx files were not considered vulnerable, they were not executed in a sandbox environment,” McAfee writes in the report.