Nearly 75 percent of the most most commonly exploited applications worldwide in Q3 2019 were related to the Microsoft Office productivity suite, according to data gathered by PreciseSecurity.
Cyber criminals also exploited other applications, including browsers and operating systems, said the virus removal solutions provider. MS Office products were followed by browsers with 13.5% of the total number of cyber criminal exploits, Android with 9.1%, Java with 2.4%, Adobe Flash with 1.6% and PDF with less than one percent. (Note: Kaspersky and Statista are the sources for that data.)
Some of the most common vulnerabilities in MS Office were related to stack overflow errors in the Equation Editor application. Other vulnerabilities were CVE-2017-8570, CVE-2017-8759, and CVE-2017-0199. Another important vulnerability was related to a zero-day issue CVE-2019-1367 that produced memory corruption and allowed remote code execution on the target system.
“Many of these vulnerabilities found in the last quarter aimed at privilege escalation inside the system stem from individual operating system services and popular applications,” PreciseSecurity said in a blog post.
According to PreciseSecurity's data, the top five countries that are sources of web-based attacks (web pages with redirects to exploits, etc.) include the U.S. at 79%, followed by the Netherlands at 15.6%, Germany with 2.4%, France with 1.9% and Russia with 1 percent.
Some recent examples of MS Office exploits: