2021-05-05

Abuse EQNEDT32.EXE CVE-2017-11882

Overview of CVE-2017-11882

CVE-2017-11882 affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. The vulnerability exists in the old Equation Editor (EQNEDT32.EXE), a component of Microsoft Office that is used to insert and evaluate mathematical formulas. Because EQNEDT32.EXE was compiled with an older compiler and does not support address space layout randomization (ASLR), a technique that guards against the exploitation of memory-corruption vulnerabilities, an attacker can easily alter the flow of program execution.

This use case is geared towards detecting a potentially malicious Microsoft Office payload (CVE-2017-11882) on a host.
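One way to approach host-side detection, shown as an added example that is not the use case's own logic: flag any process-creation event whose parent is EQNEDT32.EXE. It assumes Sysmon-style field names (`Image`, `ParentImage`, `CommandLine`, `Computer`), that the Equation Editor has no legitimate reason to start other programs, and a hypothetical `SCRIPT_HOSTS` list for severity; the sample events are constructed.

```python
import ntpath

# Assumption: a shell or script host as the child raises severity.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def _basename(path):
    """Lower-cased file name of a Windows path; tolerates quotes and missing values."""
    return ntpath.basename((path or "").strip().strip('"')).lower()

def find_eqnedt32_children(events):
    """Return one finding per process-creation event whose parent is EQNEDT32.EXE."""
    findings = []
    for ev in events:
        if _basename(ev.get("ParentImage")) != "eqnedt32.exe":
            continue
        child = _basename(ev.get("Image"))
        findings.append({
            "host": ev.get("Computer", "unknown"),
            "child": child,
            "command_line": ev.get("CommandLine", ""),
            "severity": "high" if child in SCRIPT_HOSTS else "medium",
        })
    return findings

EQN = r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Equation Editor starting a shell: flagged, high severity.
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": EQN, "CommandLine": "cmd.exe /c <constructed placeholder>"},
    # Equation Editor itself being started: not a child of EQNEDT32.EXE.
    {"Computer": "WS-02", "Image": EQN,
     "ParentImage": r"C:\Windows\System32\svchost.exe", "CommandLine": "EQNEDT32.EXE -Embedding"},
    # Quoted, lower-case parent path and an unknown child: flagged, medium severity.
    {"Computer": "WS-03", "Image": r"C:\Users\Public\sample.exe",
     "ParentImage": '"' + EQN.lower() + '"', "CommandLine": "sample.exe"},
    # Event missing ParentImage: skipped without raising an error.
    {"Computer": "WS-04", "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for finding in find_eqnedt32_children(SAMPLE_EVENTS):
        print(finding)
```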

Tags

Execution

APT32

APT41

Splunk

Cobalt Group

Frankenstein

Inception

Leviathan

Patchwork

Tropic Trooper

Exploitation for Client Execution
