漏洞类别:Office Application
漏洞等级: 
漏洞信息
This vulnerability allows a remote attacker to execute a Visual Basic script, when the user opens a document containing an embedded OLE2link object. When the user opens the document, winword.exe issues a HTTP request to a remote server to retrieve a malicious .hta file, which appears as a fake RTF file.
Affected Version:
Microsoft Office 2016 and prior versions
漏洞危害
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
解决方案
Microsoft has not released patches that remediate this vulnerability. Customers are advised to contact Microsoft regarding updates or workarounds. Workaround:
Do not open any Office files obtained from untrusted locations.
0day
文章评论