MS Office’s 17 Year old Vulnerability Letting Hackers to Install Malware

At the point when the world is as yet managing the risk of ‘unpatched’ Microsoft Office’s worked in DDE include, analysts have revealed a major issue with another Office segment that could enable hackers to remotely introduce malware on focused PCs. 
The bug is a memory-corruption issue that resides in all variants of Microsoft Office launched in the previous 17 years, including Microsoft Office 365, and conflicts with all adaptations of Windows working framework, including the most recent Microsoft Windows 10 Creators Update.
 
Found by the security analysts at Embedi, the powerlessness prompts remote code execution, permitting an unauthenticated, remote attacker to execute malicious code on a focused on framework without requiring client cooperation in the wake of opening a vindictive report. 
The weakness, distinguished as CVE-2017-11882, lives in EQNEDT32.EXE, a MS Office part which is in charge of inclusion and altering of conditions (OLE objects) in records. 
In any case, because of uncalled for memory operations, the part neglects to legitimately deal with objects in the memory, tainting it such that the hacker could execute noxious code with regards to the signed in client. 
Seventeen years prior, EQNEDT32.EXE was presented in Microsoft Office 2000 and had been kept in all variants launched after Microsoft Office 2007 keeping in mind the end goal to guarantee the product stays good with records of more seasoned forms.
Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.
Users can run the following command in the command prompt to disable registering of the component in Windows registry:
reg add “HKLMSOFTWAREMicrosoftOfficeCommonCOM Compatibility{0002CE02-0000-0000-C000-000000000046}” /v “Compatibility Flags” /t REG_DWORD /d 0x400
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...

Digital Forensics Investigation using Autopsy In Kali Linux

Autopsy is one of the digital forensics tools use to investigate what happened on a computer. It offers a GUI access to variety of...