News

MS Office's 17 Year old Vulnerability Letting Hackers to Install Malware

At the point when the world is as yet managing the risk of 'unpatched' Microsoft Office's worked in DDE include, analysts have revealed a major issue with another Office segment that could enable hackers to remotely introduce malware on focused PCs. 

The bug is a memory-corruption issue that resides in all variants of Microsoft Office launched in the previous 17 years, including Microsoft Office 365, and conflicts with all adaptations of Windows working framework, including the most recent Microsoft Windows 10 Creators Update.

 

Found by the security analysts at Embedi, the powerlessness prompts remote code execution, permitting an unauthenticated, remote attacker to execute malicious code on a focused on framework without requiring client cooperation in the wake of opening a vindictive report. 

The weakness, distinguished as CVE-2017-11882, lives in EQNEDT32.EXE, a MS Office part which is in charge of inclusion and altering of conditions (OLE objects) in records. 

In any case, because of uncalled for memory operations, the part neglects to legitimately deal with objects in the memory, tainting it such that the hacker could execute noxious code with regards to the signed in client. 

Seventeen years prior, EQNEDT32.EXE was presented in Microsoft Office 2000 and had been kept in all variants launched after Microsoft Office 2007 keeping in mind the end goal to guarantee the product stays good with records of more seasoned forms.

Since this component has a number of security issues which can be easily exploited, disabling it could be the best way to ensure your system security.

Users can run the following command in the command prompt to disable registering of the component in Windows registry:

reg add "HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400
MS Office's 17 Year old Vulnerability Letting Hackers to Install Malware Reviewed by Ali Dharani on 6:37 AM Rating: 5

No comments:

Feel free to ask questions, we love to respond.

All Rights Reserved by The World of IT & Cyber Security: ehacking.net © 2014 - 2015
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.