Vulnerability in Office used by various spy groups to steal classified information

Kaspersky has published a report which states that Asian environments are being targeted by at least 4 spy groups which use the Microsoft Office vulnerability CVE-2015-2545.

The researchers from Kaspersky stated that:

CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1.

The vulnerability allows the attacker to execute an arbitrary code – the exploit itself uses PostScript and it is capable of evading the ASLR (Address Space Layout Randomization) and the DEP (Data Execution Prevention) protection methods.