Rich text pwnage
Malware writers are exploiting four RTF parser vulnerabilities, in a long-running campaign to target journalists, human rights activists, and Tibetans across Hong Kong and Taiwan. An Arbor Networks study found miscreants are exploiting since-patched vulnerabilities in Microsoft Office's handling of rich text files (CVE-2012-0158; CVE-2012-1856; CVE-2015-1641; and CVE-2015-1770), which help deliver at least six forms of Chinese malware. The research team reckons the characteristics of the tools, ...