Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses

Anti-malware controls and enterprise sandboxes are being circumvented due to a flaw discovered in the way Microsoft Word processes integer overflow errors for Object Linking and Embedding (OLE) file formats.  By leveraging this flaw, attackers can cloak any payload and trick Microsoft Word into not functioning correctly and delivering regardless of controls.  Microsoft has been alerted about the exploit and acknowledges the abnormal behavior, but has no immediate plan to fix the issue because there is no memory corruption or code execution directly linked to the flaw.

Relevant URL(s): https://www.darkreading.com/attacks-breaches/word-bug-allows-attackers-to-sneak-exploits-past-anti-malware-defenses/d/d-id/1334070