CVE-2017-14971

Name of the Vulnerable Software and Affected Versions Infocus Mondopad version 2.2.08

Description The issue allows an attacker to disclose hashed credentials by providing a crafted Microsoft Office document, such as an Excel spreadsheet, containing a link with a UNC pathname associated with an attacker-controlled server. This enables the attacker-controlled server to receive the victim's NetNTLMv2 hash.

Recommendations For Infocus Mondopad version 2.2.08, consider disabling the handling of UNC pathnames in Microsoft Office documents as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid opening suspicious Microsoft Office documents from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.