PT-2017-3331 · Microsoft +1 · Office +2

Denis Selianin · Published 2017-11-14 · Updated 2025-11-19 · CVE-2017-11882

CVSS v2.0: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions prior to the fixes included in the 2017 patch releases
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016

Description

A flaw exists in Microsoft Office software due to improper handling of objects in memory. Successful exploitation of this issue allows an attacker to execute arbitrary code within the context of the current user. If the user possesses administrative privileges, the attacker could gain control of the system, enabling them to install programs, modify or delete data, and create new accounts with full user rights. The vulnerability requires a user to open a specially crafted file using a vulnerable version of Microsoft Office or Microsoft WordPad.

This issue has been actively exploited for several years, with reports indicating ongoing attacks even after patches were released. The vulnerability, identified as CVE-2017-11882, has been used in phishing campaigns to deliver malware such as Agent Tesla and RemCos. Attackers have employed various techniques, including the use of malicious RTF files and exploitation of the Equation Editor component. Some threat actors, like Mysterious Elephant and Mahagrass, have leveraged this vulnerability as part of their attack chains.

Recommendations

Apply the security patches released by Microsoft in 2017 for Microsoft Office 2007 Service Pack 3.
Apply the security patches released by Microsoft in 2017 for Microsoft Office 2010 Service Pack 2.
Apply the security patches released by Microsoft in 2017 for Microsoft Office 2013 Service Pack 1.
Apply the security patches released by Microsoft in 2017 for Microsoft Office 2016.

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2018-00096
CVE-2017-11882

Affected Products

Office
WordPad
Remcos RAT