Microsoft Office Equation Editor Allows Execution of Arbitrary Code

The Embedi research team recently discovered a Microsoft security issue affecting the Microsoft Equation Editor, an executable installed as part of the Microsoft Office suite that allows mathematical equations to be embedded in documents as dynamic Object Linking and Embedding (OLE) objects. This vulnerability (CVE-2017-11882) results from an outdated EQNEDT32.EXE file that uses old libraries and lacks the security features added to recent Windows OS releases. The editor also contains two memory corruption/buffer overflow vulnerabilities that allow arbitrary code execution without the user's knowledge or involvement. The Office Equation Editor bug was found to work on all architecture types and all versions of Microsoft Office released over the last 17 years, including Microsoft Office 365. The NJCCIC recommends users and administrators review the Embedi report and apply the recent updates, delivered via KB2553204, KB3162047, KB4011276, and KB4011262, as soon as possible. In addition, until users have applied the update, files should only be opened in Protected View mode to prevent the execution of any active content embedded within the document.
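As an added check that is not part of the NJCCIC advisory or the Embedi report, the following PowerShell script reports whether the four KBs named above appear among the installed Office updates and shows the file version of any EQNEDT32.EXE it finds. The Common Files install path is an assumption, and Click-to-Run (Office 365) installs do not register KBs, so for those the reported file version has to be compared against the KB article's file information.

```powershell
# Added verification script (not from the NJCCIC advisory): checks for the
# advisory's KBs and reports the Equation Editor binary, if present.
$kbs = 'KB2553204', 'KB3162047', 'KB4011276', 'KB4011262'

# Office MSI patches register under the Uninstall keys; Get-HotFix only lists
# OS updates and would report a false negative here. Click-to-Run builds
# (Office 365) register no KB entries at all.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$installed = Get-ChildItem $uninstallKeys -ErrorAction SilentlyContinue |
    Get-ItemProperty |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName

foreach ($kb in $kbs) {
    $found = $installed | Where-Object { $_ -match $kb } | Select-Object -First 1
    if ($found) { Write-Output "$kb : installed ($found)" }
    else        { Write-Output "$kb : not found among registered Office updates" }
}

# Locate EQNEDT32.EXE. The Common Files\Microsoft Shared\Equation location is
# assumed to be the usual install path; copies elsewhere are not covered.
$roots = "${env:CommonProgramFiles}\Microsoft Shared\Equation",
         "${env:CommonProgramFiles(x86)}\Microsoft Shared\Equation"
foreach ($root in $roots) {
    $exe = Join-Path $root 'EQNEDT32.EXE'
    if (Test-Path $exe) {
        $item = Get-Item $exe
        Write-Output ("{0} : FileVersion {1}, modified {2}" -f
            $exe, $item.VersionInfo.FileVersion, $item.LastWriteTime)
    }
}
```

Run it in an elevated PowerShell session on each Office host; a KB reported as not found on an MSI-based install, or an EQNEDT32.EXE whose version predates the KB's file information, means the update has not been applied and Protected View should remain the only way documents are opened.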