Cofense Logo - Email Security Solutions

Phish Fryday – Phishing with the Microsoft Equation Editor Vulnerability

Share Now


Back in 2017, Microsoft announced a vulnerability in their Equation Editor, dubbed CVE-2017-11882. This memory corruption vulnerability allowed attackers to execute malicious code in the context of the exploited user. Here we are in 2020 and the vulnerability is still be exploited in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what the vulnerability is, why it’s still being exploited, and what organizations can do to better defend against these attacks.

For more information on topics mentioned in this episode, please visit:

NIST CVE Details

Cofense “Patch or Pass” blog post

Questions or comments? Reach us at [email protected]

Discover how phishing awareness training can help your organization defend against changing phishing threats.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.