When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
To trigger the vulnerability, the crooks would draft and send a unique email.
The emails body appears empty, and only comes with a .DOC attachment.
Thepayloadis a piece of JavaScript code masquerading as a href value.
The form prompts the victim for their username and password, which are then relayed to the attackers.
ViaBleepingComputer
