![]() ![]() This https: URL references an HTML file that contains some weird-looking JavaScript code.The document references a regular-looking https: URL that gets downloaded.You open a booby-trapped DOC file, perhaps received via email.Very loosely speaking, the exploit works like this: There’s no suggestion that the malware came from that part of the world, or indeed that there is any Italian connection with this exploit at all. ![]() The numeric sequence 05-2022 seems pretty obvious (May 2022), but what about 0438? This just happens to be the telephone dialling code for the area of Follina, not far from Venice in north-western Italy, so Beaumont applied the name “Follina” to the exploit as an arbitrary joke. The name “Follina” was concocted from the fact there’s a sample infected Word DOC file on Virus Total that goes by the name 05-2022-0438.doc. Microsoft has assigned the identifier CVE-2022-30190 to this bug, and published a public advisory about it. Security researcher Kevin Beaumont has supplied it with the entirely arbitrary name Follina, and given that it doesn’t seem to have an official CVE number yet, that name looks set both to stick and to be a useful search term. More precisely, perhaps, it’s a code execution security hole that can be exploited by way of Office files, though for all we know there may be other ways to trigger or abuse this vulnerability. The internet is abuzz with news of a zero-day remote code execution bug in Microsoft Office. ![]()
0 Comments
Leave a Reply. |