佚名MYHACK58:62201789563The latest Office 0day vulnerabilities flaws bug(CVE-2017-11826)in the wild attack warning-vulnerability warning-the black bar safety net
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.951 High
EPSS
Percentile
99.1%
!
2017 9 May 28, 360 the focus of the Network Security Business Unit upscale intimidating response team to capture an application Office 0day vulnerabilities flaws bug(CVE-2017-11826 the Korean invasion attack. The vulnerability flaws bug nearly affect the Microsoft currently support all office versions, the Korean invasion attack only for the specific office version. The invasion of the attacker to the rtf document is embedded in the vicious thoughts docx content of the situation to stop the invasion attack. Via the process of intrusion sample of C&C to stop tracing trace elucidating, in our invention the invasion of the attacker from the 8 mid-May start to organize the invasion of the attack, at 9 wolmi real mobilization of the intrusion attack, the vulnerability flaws bugs in this period of time is without nail 0day condition.
360 the focus of the network security team is the first to Microsoft share the 0day vulnerabilities flaws bug the details of the network security vendors, let’s keep with the Microsoft stick enthusiastically the same, all the way pushing the 0day vulnerabilities flaws bug in the week announced a network security patch, so the vulnerability flaws of the bug to get proper solution and then show vulnerability flaws bug information.
The latest version of the 360 network security product able to detect and avoid this 0day vulnerability flaws bug invasion attacks, we initiative to the user real-time updates 10 on the Microsoft Network Security Patch of.
Intrusion analysis
This 0day vulnerability flaws bug invasion attack on the Korean application is really a document pattern for the RTF Rich Text Format, the invasion of the attacker via the process by the knot configuration of the vicious thoughts of the word document tag and the corresponding attribute value of forming a long distance random ratio of code to perform, payload payload payload to intrusion process in the following, it is worth noting that the load fulfilling vicious thoughts code The application of a known network security vendor of the software dll coerce vulnerability flaws bug invasion attack will end up in the victim computer that resides in a document confidential important function of efficient long-distance control Trojan.
! [](/Article/UploadPic/2017-10/20171011155921902. png? www. myhack58. com)
! [](/Article/UploadPic/2017-10/20171011155921141. png? www. myhack58. com)
Summary and protection initiative
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.951 High
EPSS
Percentile
99.1%