Sign In with your
Trend Micro Account
需要協助?
需要協助?

若您需要技術支援,請 按此建立案件。

CVE-2017-8570 Vulnerability downloads high-profile malware

    • 更新於:
    • 27 Aug 2019
    • 產品/版本:
    • Apex One 2019
    • Deep Discovery Email Inspector 3.5
    • Deep Discovery Inspector 5.5
    • Deep Security 12.0
    • InterScan Messaging Security Suite 9.1
    • Interscan Messaging Security Virtual Appliance 9.1
    • Interscan Web Security Virtual Appliance 6.5
    • OfficeScan XG
    • ScanMail for Exchange 14.0
    • Worry-Free Business Security Advanced 10.0
    • Worry-Free Business Security Standard 10
    • 作業系統:
    • N/A N/A
概要

The CVE-2017-8570 vulnerability of Microsoft Office allows a remote code execution vulnerability because it handles objects in memory. An attacker can execute arbitrary code on the system because of improper handling of objects in memory. By tricking a victim to open a weaponized document, the attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.

Some malicious Rich Text Format (RTF) documents used as malspam attachments leverage the vulnerability to install malicious payload on the machine of victims. These malspam and phishing emails use social engineering techniques such as fake product order requests and invoice documents to trick the victims to open the attachments. This vulnerability now serves as downloader to other high-profile malware such as Loki and Nanocore.

Behavior

  • Downloads high-profile malware namely Loki and Nanocore
  • Uses composite moniker in the RTF file to execute a Windows Script Component (WSC) file or scriptlet (.sct) on the victim’s machine
  • Bypasses the Microsoft patch for CVE-2017-0199

Capabilities

  • Download Routine

Impact

  • Compromise system security - downloads and installs additional malware

Infection Routine

Fareit Infection Details

Sample Spam (Product Order Request)

Sample Spam message

詳情
Public

File Reputation

Detection/Policy/RulesPattern Branch/VersionRelease Date
  • Trojan.W97M.CVE20178570.SM
  • Trojan.W97M.CVE20178570.AUA
ENT OPR 15.311.00
August 20, 2019

Behavior Monitoring

Pattern Branch/VersionRelease Date
TMTD OPR 1899
May 10, 2019

Web Reputation

DetectionPattern Branch
URL Protection
In the Cloud

Anti-spam

Pattern VersionRelease Date
AS Pattern 4860August 20, 2019

Solution Map: What should customers do?

Trend Micro SolutionProductLatest VersionVirus PatternAnti-spam PatternNetwork PatternBehavior MonitoringPredictive Learning MachineWeb Reputation
Endpoint SecurityApex One2019Update Pattern via
web console
Not Applicable
Not Applicable
Enable Behavior Monitoring and
update pattern via
web console
Not Applicable
Enable Web Reputation Service and
update pattern via
web console
OfficeScanXG(12.0)
Worry-Free Business SecurityStandard (10.0)
Advanced (10.0)Update pattern via
web console
Hybrid Cloud SecurityDeep Security12.0Update pattern via
web console
Not Applicable
Email and Gateway SecurityDeep Discovery Email Inspector3.5Update pattern via
web console
Update pattern via
web console
Not Applicable
InterScan Messaging Security9.1
InterScan Web Security6.5
ScanMail for Microsoft Exchange14.0
Network SecurityDeep Discovery Inspector5.5
Not Applicable
Not Applicable

Recommendation

Threat Report

Blogs

Premium
Internal
評價:
分類:
Remove a Malware / Virus
解決方案ID:
1123612
評定這個解決方案
本文是否幫助解決您的問題?

感謝您的意見!

請留下您的Email方便進一步的聯繫,協助我們改進文章內容:
我們不會透過以上Email寄送任何可能騷擾您的垃圾信.

本意見調查系統為自動運作,將不會回覆如銷售、技術、產品等一般問題.

若您需要協助,請聯繫對應的技術支援窗口. 聯絡我們


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.