We constantly emphasize how important it is to promptly install patches for vulnerabilities in software that is most often being exploited in cyberattacks — operating systems, browsers and office applications. Here is a good illustration of this thesis: according to our statistics on vulnerabilities, the most commonly exploited in the attacks on our customers, CVE-2017-11882 in Microsoft Office is still quite popular among the cybercriminals. And that is despite the fact that the update that fixes this vulnerability was released back in November 2017! Such lasting popularity of CVE-2017-11882 can only mean that someone hadn’t installed patches for the Microsoft office for more than five years.
What is CVE-2017-11882 vulnerability?
CVE-2017-11882 is a RCE vulnerability in the equation editor from the Microsoft Office and it is associated with a failure to handle objects in RAM. To exploit the vulnerability, an attacker must create a malicious file and somehow convince the victim to open it. Most often, such file is sent by e-mail or is hosted on a compromised site.
Successful exploitation of the CVE-2017-11882 vulnerability allows an attacker to execute arbitrary code with the privileges of the user who opened the malicious file. Thus, if the victim has administrator rights, the attacker will be able to take full control of his system — install programs; view, modify or destroy data; and even create new accounts.
At the end of 2017, when information about the vulnerability was first published, there were no attempts to exploit it. But in under a week, a proof of concept (PoC) appeared on the Internet, and
Support the originator by clicking the read the rest link below.
