Bird_banner_small4
Microsoft Office OLE2Link Remote Code Execution
TSL ID TSL20170411-15
CVE ID(s) CVE-2017-0199
Severity High
Description

A remote code execution vulnerability has been reported in the OLE component of Microsoft Office. This vulnerability is due to incorrect parsing of embedded OLE2Link objects.

A remote attacker can exploit this vulnerabilities by enticing a user to open a maliciously crafted document. Successful exploitation results in arbitrary code execution under the context of the target user. This vulnerability is currently being exploited in the wild.

The vendor, Microsoft, has released an advisory to address this vulnerability:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

Affected Products
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.3 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html
Related Threats