Office Equation Editor RCE — 17-year-old bug exploited by dozens of APT groups in phishing campaigns. The parser is still distributed even in modern Office. Apply November 2017 patches. Remove or disable the Equation Editor COM object via registry.
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →