So CVE-2012-0158 was allocated in 2011, patched in 2012 and is being actively exploited in 2016: the question is why?
If a vulnerability was allocated a CVE number in 2011, and a patch released in 2012, you’d expect it to be long dead. So why is CVE-2012-0158 not only still alive, but still eating virtual brains? In his research paper ‘Anatomy of a prolific exploit’ Sophos researcher Graham Chantry states “Whether you’re an experienced threat researcher, a keen security blog reader or you’ve simply received a malicious Office document attachment; you’ll have likely come across the CVE-2012-0158 vulnerability in some form.” And he’s not wrong.
Not only is this particular MS Word vulnerability far from dead, it remains one of the most actively exploited vulnerabilities across the Word family. Which begs the question, what has gone so right for the bad guys and what’s so special about CVE-2012-0158 for it to have become such a successful zombie?