Share:

Back in 2017, Microsoft announced a vulnerability in their Equation Editor, dubbed CVE-2017-11882. This memory corruption vulnerability allowed attackers to execute malicious code in the context of the exploited user. Here we are in 2020 and the vulnerability is still be exploited in phishing attacks. In this episode we speak with Cofense Cyber Threat Intelligence Analyst Max Gannon about what the vulnerability is, why it’s still being exploited, and what organizations can do to better defend against these attacks.

For more information on topics mentioned in this episode, please visit:

NIST CVE Details

Cofense “Patch or Pass” blog post

Questions or comments? Reach us at phishfryday@cofense.com

Subscribe to
Phish Fryday

Or subscribe with your favorite app by using the address below