Wednesday, September 6, 2017

INPAGE ZERO DAY USED IN ATTACKS AGAINST BANKS

A zero-day vulnerability in InPage publishing software used primarily in Urdu, Pashto and Arabic-speaking nations has been publicly exploited in attacks against financial institutions and government agencies in the region.
Kaspersky Lab said it’s possible a number of criminal or nation-state actors are using this exploit since it has recorded several different attacks against banks in Asia and Africa, as well as others targeting government agencies. The exploit is spreading via phishing campaigns, and was discovered during a separate investigation in September.

Probable Root cause

The parser in the software’s main module ‘inpage.exe’ contains a vulnerability when parsing certain fields. By carefully setting such a field in the document, an attacker can control the instruction flow and achieve code execution.
The shellcode found in the document first looks for certain patterns in virtual memory space before launching a decoder that obtains an instruction pointer and decrypts the next stage of the attack. At that point, a downloader grabs and executes the payload.
At this moment there is no fix for the problem, since the developers have not patched the bug.