Skip to main content

Office OLE Vulnerability Allows Remote Code Execution

A memory corruption fault in the EQNEDT32.exe Object Linking and Embedding (OLE) used by Microsoft Office products for insertion of equations may result in an unauthenticated, remote user being able to execute arbitrary code.
Threat ID:
CC-1808
Category:
Exploit
Threat Severity:
Low
Threat Vector:
Published:
23 November 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A memory corruption fault in the EQNEDT32.exe Object Linking and Embedding (OLE) used by Microsoft Office products for insertion of equations may result in an unauthenticated, remote user being able to execute arbitrary code.

Threat details

This vulnerability could be exploited to take full control of a system.

Threat updates

Date Update
28 Nov 2017

The Cobalt advanced persistent threat (APT) group has been observed utilising the OLE vulnerability in attacks targeted primarily at Russian and Eastern European financial organisations. They are able to use the vulnerability to deliver a compromised version of the Cobalt Strike threat emulation software. 

Remediation steps

Type Step

Vulnerability has been patched as part of Microsoft's November 2017 Security Update Summary. Users are encouraged to apply this patch as soon as possible.

 

Last edited: 17 February 2020 11:36 am