CVE-2017-0199

Vulnerability updated 3 months ago (2024-11-29T13:53:15.727Z)
Download STIX
Preview STIX
CVE-2017-0199 is a software vulnerability that allows for remote code execution against older versions of Microsoft Office and Windows. This flaw in software design or implementation has been a popular vector of attack, with more than 5,600 malware samples exploiting the issue within a year, including 15 malicious samples reported from Egypt according to BlackBerry. Once a file containing this exploit is activated, it takes advantage of the bug and downloads the malware payload. Throughout its history, this vulnerability has been used in maldocs to spread numerous notorious malware families, such as Dridex in 2017 and Guloader in 2021. The exploit has also been incorporated quickly by APT34 to target organizations in the Middle East, among other instances. Despite not seeing much high-end activity involving Middle Eastern actors, there were two reports produced around the use of this zero-day exploit. To mitigate this threat, NSP customers have had new signatures added to the "HTTP: Microsoft Office OLE Arbitrary Code Execution Vulnerability (CVE-2017-0199)" attack name. However, the widespread usage and impact of this vulnerability underscore the importance of maintaining up-to-date software versions and implementing robust cybersecurity measures to prevent exploitation of such vulnerabilities.
Description last updated: 2024-11-15T16:13:34.854Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Malware
Exploits
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2017-11882 Vulnerability is associated with CVE-2017-0199. CVE-2017-11882 is a significant software vulnerability, specifically a flaw in the design or implementation of Microsoft's Equation Editor. This vulnerability has been exploited by various threat actors to create malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal RoUnspecified
2
Source Document References
Information about the CVE-2017-0199 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
12 days ago
Malware-traffic-analysis.net
a month ago
Securelist
3 months ago
Fortinet
3 months ago
InfoSecurity-magazine
3 months ago
DARKReading
4 months ago
Fortinet
4 months ago
Fortinet
6 months ago
Securelist
7 months ago
DARKReading
7 months ago
Securityaffairs
7 months ago
Fortinet
9 months ago
Securityaffairs
10 months ago
Checkpoint
a year ago
Checkpoint
a year ago
MITRE
a year ago
Securelist
a year ago
Securelist
a year ago
CERT-EU
2 years ago
CERT-EU
2 years ago