“These emails trick recipients into opening a DOCX attachment that secretly contains a malicious RTF file exploiting a known vulnerability (CVE-2017-11882) in Microsoft’s Equation Editor,” explained ASEC researchers. The attack leverages CVE-2017-11882, a memory corruption vulnerability in Microsoft’s Equation Editor component, demonstrating that cybercriminals continue to successfully weaponize older security flaws. The RTF then creates a “Client.vbe” file in a temporary folder and exploits the equation editor vulnerability to execute the command. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. A harmless document actually contains a malicious RTF file that triggers the equation editor vulnerability. Despite being patched in 2017, the Equation Editor vulnerability remains effective because many organizations fail to apply updates consistently. This campaign highlights how cybercriminals continue to successfully leverage older vulnerabilities in their attacks, underscoring the critical importance of maintaining up-to-date security patches even for legacy software components. Kaaviya is a Security Editor and fellow reporter with Cyber Security News.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 12:40:18 +0000