Format overflow vulnerabilities are often exploited by APT attacks. In this type of vulnerabilities, CVE2012-0158 is the most commonly used one in the past year. Generally, the carrier of such vulnerability is a Rich Text Format (RTF) file, the internal data of which is saved as a hexadecimal string. In January 2013, a sample attacking by email attachment is captured. Now information about the sample can be searched on VirusTotal. An introduction on the attacking device of it will be made in the following paragraphs.

The full report can be downloaded here The Latest APT Attack by Exploiting CVE2012-0158 Vulnerability