PT-2017-1874 · Microsoft · Windows Server+3

Published: 2017-04-11 · Updated: 2026-06-10 · CVE-2017-0199

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office 2007 SP3
Microsoft Office 2010 SP2
Microsoft Office 2013 SP1
Microsoft Office 2016
Microsoft Windows Vista SP2
Windows Server 2008 SP2
Windows 7 SP1
Windows 8.1

Description

A remote code execution issue exists in the way Microsoft Office and WordPad parse specially crafted files. This flaw is related to access control deficiencies and the loading of DLLs (Dynamic Link Libraries), which are shared libraries used by multiple programs. An attacker can exploit this by inducing a user to open or preview a crafted document, such as a DOCX file, which may trigger the formula editor to request a remote HTML application file. Successful exploitation allows a remote attacker to execute arbitrary code, take full control of the affected system, install programs, view, modify, or delete data, and create new accounts with full user rights. This issue has been utilized in targeted campaigns, such as Operation FrostBeacon, to deliver Cobalt Strike Beacons to financial and legal organizations via phishing emails.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2017-01034
CVE-2017-0199

Affected Products

Office
Windows
Windows Server
Wordpad