Spear Phishing Fileless Attack with CVE-2017-0199
Credit to Author: Bahare Sabouri and He Xu| Date: Tue, 30 May 2017 16:21:54 -0700
Introduction CVE-2017-0199 is a remote code execution vulnerability that exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploits this vulnerability can take control of an affected system and then install programs, view, change, or delete data, or create new accounts with full user rights. Microsoft issued a patch for this vulnerability April, and most security vendors have published alarms for it. Unfortunately, attacks targeting this vulnerability are still widely being used…
Read more