[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
On-Demand Webinar

Abuse EQNEDT32.EXE CVE-2017-11882

Threats + Use Case
On-Demand Webinar

Abuse EQNEDT32.EXE CVE-2017-11882

Detection Strategies

Overview of CVE-2017-11882

CVE-2017-11882 affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. The vulnerability exists in the old Equation Editor (EQNEDT32.EXE), a component of Microsoft Office that is used to insert and evaluate mathematical formulas. As the EQNEDT32.exe is compiled using an older compiler and does not support address space layout randomization (ASLR), a technique that guards against the exploitation of memory-corruption vulnerabilities, the attacker can easily alter the flow of program execution. This use case is geared towards detecting the potential malicious Microsoft Office payload(CVE-2017-11882) on host

References

Request Access to Use Case Repository

Tags

Execution

APT32

APT41

Splunk

Cobalt Group

Frankenstein

Inception

Leviathan

Patchwork

Tropic Trooper

Exploitation for Client Execution

Get the Latest Resources

Leave Your Data Where You Want: Detect Across Snowflake

Demo Series
Leave Your Data Where You Want: Detect Across Snowflake
Watch

MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot

Demo Series
MonteAI: Your Detection Engineering & Threat Hunting Co-Pilot
Watch
Break Free from SIEM Lock-in
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution GuidesWhite PapersData Sheets
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2024 Anvilogic. All Rights Reserved.
[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
White Paper

Abuse EQNEDT32.EXE CVE-2017-11882

Threats + Use Case
Break Free from SIEM Lock-in
Get the latest news, blog posts and threat reports
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
By submitting this form, you agree to our Terms of Use
and acknowledge our Privacy Statement.
Product
PlatformIntegrations
Learn
BlogResourcesThreat ResearchDetection DispatchWebinarsCustomersSolution GuidesWhite PapersData Sheets
Customer Resources
Log InRelease NotesKnowledge Base
Company
About UsCareersContact Us
Facebook
Twitter
Linkedin
© 2024 Anvilogic. All Rights Reserved.
[Upcoming Session] 2024 Mid-Year Attacks & Trends. Join us August 1st.
Register
Skip to main content
May 5, 2021

Abuse EQNEDT32.EXE CVE-2017-11882

Threats + Use Case

Overview of CVE-2017-11882

CVE-2017-11882 affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. The vulnerability exists in the old Equation Editor (EQNEDT32.EXE), a component of Microsoft Office that is used to insert and evaluate mathematical formulas. As the EQNEDT32.exe is compiled using an older compiler and does not support address space layout randomization (ASLR), a technique that guards against the exploitation of memory-corruption vulnerabilities, the attacker can easily alter the flow of program execution. This use case is geared towards detecting the potential malicious Microsoft Office payload(CVE-2017-11882) on host

References

Request Access to Use Case Repository

Tags

Execution

APT32

APT41

Splunk

Cobalt Group

Frankenstein

Inception

Leviathan

Patchwork

Tropic Trooper

Exploitation for Client Execution

Break Free from SIEM Lock-in

Break Free from SIEM Lock-in

Book a Demo