CVE-2017-0199

Vulnerability updated a month ago (2024-08-14T10:02:16.376Z)
CVE-2017-0199 is a significant software vulnerability, specifically a flaw in the design or implementation of older versions of Microsoft Office and Windows. This vulnerability allows for remote code execution, making it an attractive vector for cyber attacks. Throughout its history, it has been exploited by numerous malware families, including Dridex in 2017 and Guloader in 2021. According to BlackBerry, more than 5,600 malware samples have exploited this issue within a single year, with 15 malicious samples originating from Egypt. The exploitation of CVE-2017-0199 was not limited to criminal actors; state-sponsored groups also utilized it. Notably, APT34, a group allegedly linked to Iran, quickly incorporated exploits for this vulnerability (alongside CVE-2017-11882) to target organizations in the Middle East. While there wasn't extensive activity involving Middle Eastern actors, two reports highlighted the use of CVE-2017-0199 as a zero-day exploit in this region. In response to the widespread exploitation of this vulnerability, NSP customers received new signatures related to the "HTTP: Microsoft Office OLE Arbitrary Code Execution Vulnerability (CVE-2017-0199)" attack. The decoy files used in these attacks often rely on a remote template injection technique (CVE-2017-0199) to gain initial access to the target's system, underscoring the importance of these added signatures in detecting and preventing future exploits.
Description last updated: 2024-08-14T08:38:58.529Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Malware
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2017-11882 | Unspecified | 2 | CVE-2017-11882 is a significant software vulnerability, specifically a flaw in the design or implementation of Microsoft's Equation Editor. This vulnerability has been exploited by various threat actors to create malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal Ro
Source Document References
Information about the CVE-2017-0199 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Fortinet | 11 days ago | Deep Analysis of Snake Keylogger's New Variant | FortiGuard Labs
Securelist | 19 days ago | Analyzing the vulnerability landscape in Q2 2024
DARKReading | a month ago | India-Linked SideWinder Group Pivots to Hacking Maritime Targets
Securityaffairs | a month ago | SideWinder phishing campaign targets maritime facilities in multiple countries
Fortinet | 3 months ago | New Agent Tesla Campaign Targeting Spanish-Speaking People | Fortinet Blog
Securityaffairs | 4 months ago | Targeted operation against Ukraine exploited 7-year-old MS Office bug
Checkpoint | 7 months ago | Maldocs of Word and Excel: Vigor of the Ages - Check Point Research
Checkpoint | 7 months ago | 12th February – Threat Intelligence Report - Check Point Research
MITRE | 9 months ago | Operation (노스 스타) North Star A Job Offer That's Too Good to be True? | McAfee Blog
Securelist | 9 months ago | PC malware statistics, Q3 2023
Securelist | 9 months ago | Kaspersky malware report for Q3 2023
CERT-EU | a year ago | Years-old Microsoft bugs are still hot targets for criminals
CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog
CERT-EU | a year ago | IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools
CERT-EU | a year ago | PC malware statistics, Q2 2022
CISA | a year ago | 2022 Top Routinely Exploited Vulnerabilities | CISA
InfoSecurity-magazine | a year ago | Cyber-Attacks Targeting Government Agencies Increase 40%
Securelist | a year ago | Kaspersky crimeware report: Emotet, DarkGate and LokiBot
SANS ISC | a year ago | Loader activity for Formbook "QM18" - SANS Internet Storm Center
CERT-EU | a year ago | Loader activity for Formbook "QM18", (Wed, Jul 12th) – Cyber Safe NV