Now Reading
CVE-2017-11826 analysis in Depth

CVE-2017-11826 analysis in Depth

by Igor Mikhaylov2017-12-18

CVE-2017-11826 is a memory corruption vulnerability that allows a remote attacker to execute arbitrary code by tricking a victim into opening a specially crafted file. The problem affects all supported versions of MS Office.

Gradiant ‘Security and Privacy team has received and analysed a sample of an office document that, instead of incorporating a malicious macro, exploits the 0-day vulnerability identified as CVE-2017-11826 which patch was published on October 17, 2017. After analysis The affected content was classified as a type confusion.

This article shows an analysis of the office document. The research team noticed a slight increase in the number of malicious office documents that do not use macros. Therefore it is important to constantly update the software.



Leave a Response

Please enter the result of the calculation above.