CVE-2017-0199

Vulnerability updated 4 days ago (2024-11-20T18:13:22.674Z)

Download STIX

Preview STIX

CVE-2017-0199 is a software vulnerability that allows for remote code execution against older versions of Microsoft Office and Windows. This flaw in software design or implementation has been a popular vector of attack, with more than 5,600 malware samples exploiting the issue within a year, including 15 malicious samples reported from Egypt according to BlackBerry. Once a file containing this exploit is activated, it takes advantage of the bug and downloads the malware payload. Throughout its history, this vulnerability has been used in maldocs to spread numerous notorious malware families, such as Dridex in 2017 and Guloader in 2021. The exploit has also been incorporated quickly by APT34 to target organizations in the Middle East, among other instances. Despite not seeing much high-end activity involving Middle Eastern actors, there were two reports produced around the use of this zero-day exploit. To mitigate this threat, NSP customers have had new signatures added to the "HTTP: Microsoft Office OLE Arbitrary Code Execution Vulnerability (CVE-2017-0199)" attack name. However, the widespread usage and impact of this vulnerability underscore the importance of maintaining up-to-date software versions and implementing robust cybersecurity measures to prevent exploitation of such vulnerabilities.

Description last updated: 2024-11-15T16:13:34.854Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Exploits

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2017-11882 Vulnerability is associated with CVE-2017-0199. CVE-2017-11882 is a significant software vulnerability, specifically a flaw in the design or implementation of Microsoft's Equation Editor. This vulnerability has been exploited by various threat actors to create malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal Ro	Unspecified	2

Source Document References

Information about the CVE-2017-0199 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	9 days ago	Revamped Remcos RAT Deployed Against Microsoft Users
Fortinet	16 days ago	New Campaign Uses Remcos RAT to Exploit Victims \| FortiGuard Labs
Fortinet	3 months ago	Deep Analysis of Snake Keylogger’s New Variant \| FortiGuard Labs
Securelist	3 months ago	Analyzing the vulnerability landscape in Q2 2024
DARKReading	4 months ago	India-Linked SideWinder Group Pivots to Hacking Maritime Targets
Securityaffairs	4 months ago	SideWinder phishing campaign targets maritime facilities in multiple countries
Fortinet	6 months ago	New Agent Tesla Campaign Targeting Spanish-Speaking People \| Fortinet Blog
Securityaffairs	7 months ago	Targeted operation against Ukraine exploited 7-year-old MS Office bug
Checkpoint	9 months ago	Maldocs of Word and Excel: Vigor of the Ages - Check Point Research
Checkpoint	9 months ago	12th February – Threat Intelligence Report - Check Point Research
MITRE	a year ago	Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? \| McAfee Blog
Securelist	a year ago	PC malware statistics, Q3 2023
Securelist	a year ago	Kaspersky malware report for Q3 2023
CERT-EU	a year ago	Years-old Microsoft bugs are still hot targets for criminals
CERT-EU	a year ago	Qualys Top 20 Exploited Vulnerabilities \| Qualys Security Blog
CERT-EU	a year ago	IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools
CERT-EU	a year ago	PC malware statistics, Q2 2022
CISA	a year ago	2022 Top Routinely Exploited Vulnerabilities \| CISA
InfoSecurity-magazine	a year ago	Cyber-Attacks Targeting Government Agencies Increase 40%
Securelist	a year ago	Kaspersky crimeware report: Emotet, DarkGate and LokiBot