A significant fraction of targeted attacks involve spear phishing emails with malicious lure documents that, when opened, exploit a vulnerability in the document viewer application to invoke a backdoor executable. As such, it does not come as a big surprise that exploits for CVE-2014-1761, a recent vulnerability in Microsoft Word, made their way into the toolkit of multiple adversaries. In this blog post, we provide an overview of how and when these groups started to leverage this new vulnerability in their campaigns.
more here...........http://blog.crowdstrike.com/cve-2014-1761-alley-compromise/
more here...........http://blog.crowdstrike.com/cve-2014-1761-alley-compromise/