PT-2017-18399 · Microsoft · Malware Protection Engine+3

Lokihardt · Published 2017-05-26 · Updated 2025-07-11 · CVE-2017-8541

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
#ParsedReport #CompletenessMedium 10-07-2025
RENDERSHOCK: WEAPONIZING TRUST IN FILE RENDERING PIPELINES
Report completeness: Medium
Actors/Campaigns: Fancy bear
Threats: Rendershock technique, Clipboard injection technique, Polyglot technique, Motw bypass technique, Passthehash technique, Ntlmrelayx tool, Dns tunneling technique, Aitm technique, Process injection technique
Geo: Ukraine
CVEs:
CVE-2025-24054 [Vulners] CVSS V3.1: 6.5, Vulners: Exploitation: True X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • microsoft windows 10 1507 (<10.0.10240.20947)
  • microsoft windows 10 1607 (<10.0.14393.7876)
  • microsoft windows 10 1809 (<10.0.17763.7009)
  • microsoft windows 10 21h2 (<10.0.19044.5608)
  • microsoft windows 10 22h2 (<10.0.19045.5608) have more...
CVE-2023-23397 [Vulners] CVSS V3.1: 9.8, Vulners: Exploitation: True X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • microsoft 365 apps (-)
  • microsoft office (2019)
  • microsoft office long term servicing channel (2021)
  • microsoft outlook (2013, 2016)
CVE-2024-44236 [Vulners] CVSS V3.1: 6.5, Vulners: Exploitation: Unknown X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • apple macos (<13.7.1, <14.7.1)
CVE-2024-43451 [Vulners] CVSS V3.1: 6.5, Vulners: Exploitation: True X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • microsoft windows 10 1507 (<10.0.10240.20826)
  • microsoft windows 10 1607 (<10.0.14393.7515)
  • microsoft windows 10 1809 (<10.0.17763.6532)
  • microsoft windows 10 21h2 (<10.0.19044.5131)
  • microsoft windows 10 22h2 (<10.0.19045.5131) have more...
CVE-2025-30386 [Vulners] CVSS V3.1: 8.4, Vulners: Exploitation: Unknown X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • microsoft 365 apps (-)
  • microsoft office (<16.0.18827.20000, 2016, 2019)
  • microsoft office long term servicing channel (2021, 2024)
CVE-2017-8541 [Vulners] CVSS V3.1: 7.8, Vulners: Exploitation: True X-Force: Risk: Unknown X-Force: Patch: Unknown Soft:
  • microsoft forefront security (-)
  • microsoft malware protection engine (<=1.1.13704.0)
  • microsoft windows defender (-)
TTPs: Tactics: 10, Techniques: 14
IOCs: File: 17, Command: 3, Url: 1, Domain: 1
Soft: Windows Explorer, macOS, Outlook, Windows Search Indexer, Dropbox, sudo, Linux, SMB server, Windows File Explorer, Windows Search, have more...
Algorithms: base64, zip
Functions: FPDF, Workbook Open, Chr, split, SMB
Win Services: WebClient
Languages: powershell, javascript
Platforms: apple

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-8541

Affected Products

Malware Protection Engine
Outlook Web App
Forefront Security
Windows Defender