MSExcel/CVE_2018_0798.F!exploit
Analysis
MSExcel/CVE_2018_0798.F!exploit is a generic detection for an exploit.
An exploit is a malicious program that takes advantage of a software vulnerability that may enable a remote attacker to gain access to the targeted system.
Since this is a generic detection, malware detected as MSExcel/CVE_2018_0798.F!exploit may vary in behaviour.
Below are some of its observed characteristics/behaviours:
- This malware attempts to exploit a stack buffer overflow that would lead to arbitrary code execution. It is related to the CVE-2018-0798 vulnerability, a remote code execution vulnerability in the equation editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016.
- This malware has been associated with the following third-party advisories:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0798
  https://nvd.nist.gov/vuln/detail/CVE-2018-0798
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |