Microsoft Office CVE-2017-0197 DLL Loading Remote Code Execution Vulnerability

Microsoft Office is prone to a remote code-execution vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

Information

Bugtraq ID: 97411
Class: Unknown
CVE: CVE-2017-0197

Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 18 2017 12:03AM
Credit: Yorick Koster of Securify B.V.
Vulnerable: Microsoft OneNote 2010 Service Pack 2 (64-bit editions) 0
Microsoft OneNote 2010 Service Pack 2 (32-bit editions) 0
Microsoft OneNote 2007 SP3

Not Vulnerable:

Exploit

A general exploit technique has been documented by TheLeader and H.D. Moore for the Metasploit Project; please see the references for more information.

References:

• Application DLL Load Hijacking (HD Moore)
  
• Exploiting DLL Hijacking Flaws (hdm)
  
• Microsoft Homepage (Microsoft)
  
• Microsoft Office Product Homepage (Microsoft)
  
• More information about the DLL Preloading remote attack vector (Microsoft)
  
• CVE-2017-0197 | Office DLL Loading Vulnerability (Microsoft)
  

Source: www.securityfocus.com