Rajib Singha
New Common Vulnerabilities and Exposures (CVE) in Spammers’ Toolkit
June 3, 2016

The Quick Heal Malware Intelligence Reporting System has recently observed CVE-2015-2545, an entry in the Common Vulnerabilities and Exposures (CVE) list, being actively used in an online spam campaign.

The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment names used in this spam campaign:

  • Proforma Order.doc
  • Confirmed_orders.doc
  • Covering letter.doc
  • Payment_Advise.doc
  • Purchase Order.doc
  • Outstanding_Acc-40493.doc
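As an added example (not part of the original Quick Heal report), the following Python script shows how a mail administrator could flag messages that carry attachments with the names listed above. Treating underscores and spaces as interchangeable and matching any digit run after `Outstanding_Acc-` are assumptions made here to catch trivial variants; the sample message is constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Attachment names listed in the article, normalized (lower case, "_" -> " ").
CAMPAIGN_NAMES = {
    "proforma order.doc", "confirmed orders.doc", "covering letter.doc",
    "payment advise.doc", "purchase order.doc",
}
# The article lists "Outstanding_Acc-40493.doc"; accepting any digits is an assumption.
OUTSTANDING_RE = re.compile(r"outstanding acc-\d+\.doc")


def normalize(name):
    """Lower-case, map underscores to spaces, collapse runs of whitespace."""
    return re.sub(r"\s+", " ", name.replace("_", " ")).strip().lower()


def suspicious_attachments(raw_message):
    """Return filenames in a raw e-mail that match the campaign's naming."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches attachments in nested parts
        filename = part.get_filename()
        if not filename:
            continue
        norm = normalize(filename)
        if norm in CAMPAIGN_NAMES or OUTSTANDING_RE.fullmatch(norm):
            hits.append(filename)
    return hits


def sample_message():
    """Constructed sample: placeholder bytes under campaign-style names."""
    m = EmailMessage()
    m["Subject"] = "Order"
    m.set_content("Please see attached.")
    for name, subtype in [("PURCHASE_ORDER.doc", "msword"),
                          ("Outstanding_Acc-51234.doc", "msword"),
                          ("invoice.pdf", "pdf")]:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype=subtype, filename=name)
    return m.as_string()


if __name__ == "__main__":
    print(suspicious_attachments(sample_message()))
```

A filename match is only a triage signal: these names are generic business terms, so hits should be queued for inspection rather than treated as confirmed malicious.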

Spammers trick users into opening the attached document, which contains exploit code for CVE-2015-2545. Once the document is opened, it exploits the vulnerability present in unpatched versions of Microsoft Office.

This vulnerability was patched by Microsoft in September 2015. Users who haven’t applied the Microsoft security updates for this vulnerability are at risk from this exploit.

By exploiting Microsoft Office, spammers execute malicious code on the victim’s machine and can then download and execute a malware payload.

Some URLs found for payload download in this campaign include:

  • hxxp://
  • hxxp://
  • hxxp://
  • hxxp://
  • hxxp://

Download this PDF to read the complete report:


  • Manish Sardiwal
  • Pavankumar Chaudhari

– Vulnerability Analysis & Research Team



