On November 14, 2017, specialists from Embedi published a technical report about CVE-2017-11882 vulnerability and demonstrated it in various versions of Microsoft Office products. This vulnerability allows attackers to execute random codes, upload executable files and run them. It appeared back in 2000 – it was when the vulnerable element Microsoft Equation or, more precisely, "EQNEDT32.EXE" was created. This element allows attackers to introduce mathematical formulas in Office documents with the use of OLE technology. After the release of Office 2007, this component was updated, but the old version was still supported to ensure compatibility with old documents. And that means that the vulnerability has existed for 17 years (sic!).
CVE was registered as early as July 31, 2017 and a few days later it was reported to Microsoft by Embedi specialists. The final patch from Microsoft was released only on November 14, 2017.
Three days ago, on November 21, in its public GitHub repository, Embedi published a proof of concept for this vulnerability (https://github.com/embedi/CVE-2017-11882), as well as a python script, which allows creating new vulnerable ". rtf" documents.