CVE-2017-11882

Vulnerability updated 25 days ago (2024-08-14T10:05:05.179Z)
CVE-2017-11882 is a significant software vulnerability in Microsoft's Equation Editor, a flaw in the component's design or implementation. It has been exploited by a range of threat actors to build malicious RTF files, most notably by Chinese state-sponsored groups using the "Royal Road" exploit builder, which crafts documents that abuse this vulnerability, among others, to compromise systems. Historically, CVE-2017-11882 was used to distribute Dridex in 2017 and GuLoader in 2021. More recently, Zscaler ThreatLabz reported a campaign exploiting it to spread the Agent Tesla information stealer, and BlackBerry documented over 9,500 Office documents exploiting the issue since the start of 2024, particularly against organizations running legacy systems, as is common in ports, maritime facilities, and other critical infrastructure. The persistent threat of old vulnerabilities such as CVE-2017-11882 continues to be discussed by security researchers, including Check Point Research. The vulnerability has also been used in multiple campaigns by TA558, as tracked by Palo Alto Networks, Cisco Talos, and Uptycs; these campaigns typically rely on malicious Microsoft Word attachments or remote template URLs to download and install malware, underlining the enduring risk this vulnerability poses.
Description last updated: 2024-08-14T08:38:47.361Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Microsoft
Tesla
Phishing
Exploit
Associated Malware
ID | Type | Votes | Profile Description
Agent Tesla | Unspecified | 5 | Agent Tesla is a type of malware, or malicious software, that exploits and damages computer systems. It can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d
Formbook | Unspecified | 4 | Formbook is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It was first discovered in 2016 and has since been used in various cyber attacks worldwide. The malware can infect systems through suspicious downloads, emails, or websites, often withou
GuLoader | Unspecified | 2 | GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has
Lokibot | Unspecified | 2 | LokiBot is a malicious software, or malware, that was first reported on October 24, 2020. It is designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, LokiBot steals personal information
PowerShower | Unspecified | 2 | PowerShower is a malware variant that emerged as a significant threat due to its ability to exploit and damage computer systems. It was first observed in attacks against European targets in October 2018, where it exploited the CVE-2017-11882 vulnerability. The malware, written in PowerShell, was dow
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2018-0802 | Unspecified | 2 | None
CVE-2017-0199 | Unspecified | 2 | CVE-2017-0199 is a significant software vulnerability, specifically a flaw in the design or implementation of older versions of Microsoft Office and Windows. This vulnerability allows for remote code execution, making it an attractive vector for cyber attacks. Throughout its history, it has been exp
Source Document References
Information about the CVE-2017-11882 vulnerability was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Securelist | 17 days ago | Analyzing the vulnerability landscape in Q2 2024
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 8 months ago | Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies
DARKReading | a month ago | India-Linked SideWinder Group Pivots to Hacking Maritime Targets
Securityaffairs | a month ago | Phishing campaigns target SMBs in Poland
Securityaffairs | a month ago | SideWinder phishing campaign targets maritime facilities in multiple countries
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Fortinet | 3 months ago | New Agent Tesla Campaign Targeting Spanish-Speaking People | Fortinet Blog
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading | 4 months ago | To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
BankInfoSecurity | 5 months ago | Steganography Campaign Targets Global Enterprises