Mimecast Research Labs has identified a memory corruption problem with Microsoft Word in that attackers can use the exploit to bypass Windows antimalware security – and apparently, some are actively exploiting it now.
Our detection engines spotted an attacker group, which seems to originate from Serbia, using specially-crafted Microsoft Word documents to take advantage of how Microsoft Word handles Integer Overflow errors in the OLE file format. The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies.
According to Mimecast, it notified Microsoft way back in May of 2018. Two days later, Microsoft told Mimecast that the issue didn’t meet the security bar, so a fix wouldn’t be forthcoming.
Mimecast has just produced a blog post detailing the exploit: THE RETURN OF THE EQUATION EDITOR EXPLOIT – DIFAT OVERFLOW