MS.Office.EQNEDT32.EXE.Equation.Parsing.Memory.Corruption

description-logoDescription

This indicates an attack attempt to exploit a Code Execution vulnerability in Microsoft Office.
The vulnerability is due to an error when "EQNEDT32.EXE" handles a maliciously crafted equation. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted office file.

description-logoOutbreak Alert

FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .Net-based Remote Access Trojan (RAT) and data stealer to gain initial access by exploiting vulnerabilities Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. The Agent Tesla core module can collect sensitive information from the victim’s device that may include the saved credentials, keylogging information, and device screenshots..

View the full Outbreak Alert Report

affected-products-logoAffected Products

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-09-12 25.636 Sig Added
2022-05-31 20.326 Sig Added
2022-04-12 20.296 Sig Added
2021-12-07 19.211 Sig Added
2021-12-07 19.209 Sig Added
2021-10-25 18.184 Modified
2021-10-18 18.180 Sig Added
2021-10-14 18.179 Sig Added
2021-04-28 18.069 Sig Added
2020-09-21 16.928 Modified