Client Application Firewall
MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption
Description
This indicates an attack attempt to exploit a Code Execution vulnerability in Microsoft Office.
The vulnerability is due to an error when "EQNEDT32.EXE" handles a maliciously crafted equation. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted office file.
Outbreak Alert
FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access by exploiting vulnerabilities Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. The Agent Tesla core module can collect sensitive information from the victim’s device that may include the saved credentials, keylogging information, and device screenshots..
Affected Products
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
| ID | 44947 |
| Created | Nov 23, 2017 |
| Updated | Nov 12, 2024 |
| Outbreak Alert | Agent Tesla Malware Attack |
| Risk |
|
| CVE ID | CVE-2017-11882 CVE-2018-0802 CVE-2018-0798 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.44% |
| Default Action | drop |
| Affected OS | Windows |
| Affected App | MS_Office |