CVE-2017-11882

Industry: N/A | Level: | Source: FireEye

CVE-2017-11882 affects several versions of Microsoft Office and, when exploited, allows a remote user to run arbitrary code in the context of the current user as a result of improperly handling objects in memory. The vulnerability exists in the old Equation Editor (EQNEDT32.EXE), a component of Microsoft Office that is used to insert and evaluate mathematical formulas. As the EQNEDT32.exe is compiled using an older compiler and does not support address space layout randomization (ASLR), a technique that guards against the exploitation of memory-corruption vulnerabilities, the attacker can easily alter the flow of program execution.This use case is geared towards detecting the potential malicious Microsoft Office payload(CVE-2017-11882) on host