Author Topic: Hackers Revive Microsoft Office Equation Editor Exploit  (Read 145 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 93
    • View Profile
Hackers Revive Microsoft Office Equation Editor Exploit
« on: March 06, 2019, 06:42:58 PM »
By Sergiu Gatlan

Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago.

According to Microsoft's security advisory, this memory corruption vulnerability tracked as CVE-2017-11882 impacts unpatched Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016.

While the vulnerability was patched as part of the November 2017 Patch Tuesday, successful exploitation leads to arbitrary code run in the context of the current user, but it can also enable potential attackers to completely taking control of compromised systems if the victim is logged on with administrative user rights.

Full Article Here: