FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).
FILE-OFFICE RTF objautlink url moniker file download attempt
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." Impact: CVSS base score 7.8 CVSS impact score 5.9 CVSS exploitability score 1.8 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
This event is generated when a document containing an OBJAUTLINK url moniker is downloaded.
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
N/A
Not Applicable
CVE-2017-0199 |
Loading description
|
Tactic: Initial Access
Technique: Spearphishing Attachment
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org