This vulnerability was discovered by Cory Duplantis and another member of Cisco Talos
Overview
Vulnerabilities in word processing and office productivity suites are useful targets for exploitation by threat actors. Users frequently encounter file types used by these software suites in their day to day lives and may not question opening such files within an email or being prompted to download such a file from a website.
Some word processing software is widely used within communities using a specific language, but poorly known elsewhere. For example, Hancom's Hangul Word Processor is widely used within South Korea and Ichitaro Office suite from JustSystems is widely used in Japan and Japanese speaking communities. Exploiting vulnerabilities in these and similar word processing systems allows attackers to target their attacks to a specific country or to the linguistic community of their intended victims. Presumably, attackers may believe that exploits against these systems may be less likely to be discovered by security researchers who may lack the necessary software which the vulnerability exploits.
The recent discovery by Talos of a sophisticated attack exploiting Hangul Word Processor
http://blog.talosintelligence.com/2017/02/korean-maldoc.html underlines the ability of attackers with the necessary technical skills to create malicious files that target local office productivity suite software.
Talos has discovered three vulnerabilities within the Ichitaro Office suite, one of the most popular word processors used in Japan.
We have no indication that any of the
three vulnerabilities we discovered in Ichitaro Office suite, have been exploited in the wild. Nevertheless, all three lead to a state where arbitrary code can be executed. We have chosen one of these vulnerabilities to explain in more detail how such a vulnerability may be exploited and to demonstrate what remote code execution means by launching calc.exe as an example.
The advisory for this particular vulnerability can be found here
http://www.talosintelligence.com/reports/TALOS-2016-0197