Denis Selianin

**Name of the Vulnerable Software and Affected Versions** Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service via malformed Wi-Fi packets during identification of available Wi-Fi networks. This can potentially lead to exploitation of the host application processor, depending on factors such as host OS hardening and DMA availability. **Recommendations** For Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, consider disabling the Wi-Fi network identification feature until a patch is available to prevent exploitation. Restrict access to the Wi-Fi device to minimize the risk of arbitrary code execution or denial of service.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions prior to the fixes included in the 2017 patch releases Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 2013 Service Pack 1 Microsoft Office 2016 **Description** A flaw exists in Microsoft Office software due to improper handling of objects in memory. Successful exploitation of this issue allows an attacker to execute arbitrary code within the context of the current user. If the user possesses administrative privileges, the attacker could gain control of the system, enabling them to install programs, modify or delete data, and create new accounts with full user rights. The vulnerability requires a user to open a specially crafted file using a vulnerable version of Microsoft Office or Microsoft WordPad. This issue has been actively exploited for several years, with reports indicating ongoing attacks even after patches were released. The vulnerability, identified as CVE-2017-11882, has been used in phishing campaigns to deliver malware such as Agent Tesla and RemCos. Attackers have employed various techniques, including the use of malicious RTF files and exploitation of the Equation Editor component. Some threat actors, like Mysterious Elephant and Mahagrass, have leveraged this vulnerability as part of their attack chains. **Recommendations** Apply the security patches released by Microsoft in 2017 for Microsoft Office 2007 Service Pack 3. Apply the security patches released by Microsoft in 2017 for Microsoft Office 2010 Service Pack 2. Apply the security patches released by Microsoft in 2017 for Microsoft Office 2013 Service Pack 1. Apply the security patches released by Microsoft in 2017 for Microsoft Office 2016.