CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

Credit to Author: Pradeep Kulkarni | Date: Fri, 13 Oct 2017 09:14:57 +0000

The recent zero-day vulnerability in Microsoft Office, CVE-2017-11826, enables attackers to perform remote code execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft released a security update on October 10, 2017, to fix this issue.

Vulnerable versions

The following versions of Microsoft products are affected by this vulnerability:

• Microsoft Office Compatibility Pack Service Pack 3
• Microsoft Office Online Server 2016
• Microsoft Office Web Apps Server 2010 Service Pack 2
• Microsoft Office Web Apps Server 2013 Service Pack 1
• Microsoft Office Word Viewer
• Microsoft SharePoint Enterprise Server 2016
• Microsoft Word 2007 Service Pack 3
• Microsoft Word 2010 Service Pack 2 (32-bit editions)
• Microsoft Word 2010 Service Pack 2 (64-bit editions)
• Microsoft Word 2013 RT Service Pack 1
• Microsoft Word 2013 Service Pack 1 (32-bit editions)
• Microsoft Word 2013 Service Pack 1 (64-bit editions)
• Microsoft Word 2016 (32-bit edition)
• Microsoft Word 2016 (64-bit edition)
• Word Automation Services

About the vulnerability

This is a type-confusion vulnerability in Microsoft Word which allows attackers to perform remote code execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute programs on them. Reportedly, the vulnerability is currently being exploited in the wild through a malicious RTF document. This RTF file is the initial attack vector and makes a request to a CNC server to download and execute the malware. According to a VirusTotal report, Quick Heal products successfully detected the exploit with one of its generic detections – ‘Exp.Shell.Gen.Q’.

Quick Heal/Seqrite detections

Quick Heal/Seqrite has released the following detections for the vulnerability CVE-2017-11826:

• Exp.OLE.CVE-2017-11826
• Exp.Shell.Gen.Q

The additional detection ‘Exp.OLE.CVE-2017-11826’ will be available to Quick Heal users in the next update.

Indicators of compromise

• b2ae500b7376044ae92976d9e4b65af8

Subject Matter Experts

• Pradeep Kulkarni, Pavankumar Chaudhari | Quick Heal Security Labs
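
Added example (not part of the original alert and not Quick Heal's code): a sweep that checks files against the MD5 listed under Indicators of compromise and recognises RTF by content rather than by extension. Counting \objdata control words as a review flag is an assumption of this example, a general RTF triage heuristic and not a signature for CVE-2017-11826; the sample files are constructed.

```python
import hashlib
import os
import re
import tempfile

# MD5 from this advisory's "Indicators of compromise" section.
IOC_MD5 = frozenset({"b2ae500b7376044ae92976d9e4b65af8"})
RTF_MAGIC = b"{\\rt"                 # Word treats files starting "{\rt" as RTF
OBJDATA = re.compile(rb"\\objdata")  # control word that carries embedded OLE data

def triage(path, iocs=IOC_MD5):
    """Return findings for one file, or None if its content is not RTF."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(RTF_MAGIC):
        return None
    md5 = hashlib.md5(data).hexdigest()
    return {"path": path, "md5": md5, "ioc_match": md5 in iocs,
            "embedded_objects": len(OBJDATA.findall(data))}

def sweep(root, iocs=IOC_MD5):
    """Triage every file under root by content; RTF is often renamed .doc."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            try:
                result = triage(os.path.join(dirpath, name), iocs)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if result and (result["ioc_match"] or result["embedded_objects"]):
                findings.append(result)
    return findings

def demo():
    """Sweep three constructed sample files written to a temp directory."""
    samples = {
        "note.rtf": b"{\\rtf1\\ansi plain text}",
        "invoice.doc": b"{\\rt1{\\object\\objemb{\\*\\objdata 0105}}}",
        "readme.txt": b"not rtf, mentions \\objdata",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(f["path"]), f["ioc_match"],
                 f["embedded_objects"]) for f in sweep(d)]

if __name__ == "__main__":
    print(demo())
```

A hash match identifies only that exact sample; an RTF file with embedded objects and no hash match is a candidate for review, not a confirmed exploit.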