A post on Malware-Tracker's blog mentioned a couple new .doc's that seem are not detected by any engine. This post was written over 3 months ago, and there has been no improvement in the detection space. So I figured that this would be a good opportunity to pull apart the exploit, and post some signatures for those that don't have any other defenses. I've seen a lot of signatures that are string based, and don't hold up in the long run. Usually, diving a little deeper on an exploit will yield in a higher fidelity signatur - See more at: http://www.cbts.net/cyber-security/blog/post/Still-in-Hiding-CVE2012-0158#sthash.yeg3xZug.dpuf
more here..............http://www.cbts.net/cyber-security/blog/post/Still-in-Hiding-CVE2012-0158#sthash.yeg3xZug.dpbs
more here..............http://www.cbts.net/cyber-security/blog/post/Still-in-Hiding-CVE2012-0158#sthash.yeg3xZug.dpbs