Sophos experts have informed that a European aeronautical supplier's website is infected with virus that leverages CVE-2012-1889 vulnerability. This flaw was reported by Microsoft in the course of the June Patch Tuesday as a zero-day.
All operation systems supported by Microsoft, including Windows 7 are vulnerable to this flaw. CVE-2012-1889 can be exploited with a specially crafted web-page or a file, opened by Microsoft Office 2003 or Microsoft Office 2007 and allows hacker gain the same privilege on the system as the local user has. Vendor has not issued a patch for this vulnerability yet, but temporary workaround is accessible on the Microsoft Technet website.
Graham Cluley links this vulnerability with recent Google’s warnings about state-sponsored attacks. He considers that hackers could have embedded malicious file to the aeronautical supplier’s web-site to compromise computer systems of arms manufacturers or defense ministries who visit the resource.
“We know that a hacker who manages to plant malicious code on the website of, say, a company which supplies aeronautical parts may reasonably predict that staff at a larger organisation - such as an arms manufacturer or defence ministry - might have reason to access the site” – Cluley said
Graham Cluley’s post is accessible here.
