Phishing with the Microsoft Equation Editor Vulnerability

Back in 2017, Microsoft announced a vulnerability in their Equation Editor, dubbed CVE-2017-11882. This memory corruption vulnerability allowed attackers to execute malicious code in the context of the exploited user. Here we are in 2020 and the vulnerability is still be exploited in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what the vulnerability is, why it’s still being exploited, and what organizations can do to better defend against these attacks. For more information on topics mentioned in this episode, please visit: NIST CVE Details Cofense “Patch or Pass” blog post Questions...The post Phish Fryday – Phishing with the Microsoft Equation Editor Vulnerability appeared first on Cofense.Phish Fryday – Phishing with the Microsoft Equation Editor Vulnerability was first posted on February 7, 2020 at 12:10 am.©2018 "Cofense". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at [email protected]