Researchers at Israel-based cyberattack simulation company Cymulate are claiming to have found a vulnerability in Microsoft Word's online video feature that can allow malicious actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code.
In a company press release, Cymulate warns that the unpatched zero-day flaw requires no special configuration to reproduce and potentially affects all users of Office 2016 and older versions of the software suite.
Cymulate told SC Media that it disclosed the bug to Microsoft three months ago, noting however that the flaw did not qualify for an official CVE identifier.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
-
News analysis
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
-
Archives
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
-
Daily Newswire
SC Media’s essential morning briefing for cybersecurity professionals.
-
Learning Express
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.