Microsoft Office RTF documents that leverage the CVE-2017-0199 vulnerability
by CIRT Team
Description: This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. The vulnerability affects Microsoft Office, including the latest Office 2016 edition running on Windows 10.
Impact: Researchers have observed Office documents exploiting CVE-2017-0199 that download and execute malware payloads from different well-known malware families.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
Reference URLs:
- https://support.microsoft.com/en-us/help/3141538/description-of-the-security-update-for-office-2010-april-11-2017
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
- https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html
- https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day