漏洞详情参考:
* [Office OLE2Link zero-day](http://paper.seebug.org/papers/Archive/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf)(来自NCCGroup)
* [CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler
](https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html)(来自FireEye)
HTAsThe Microsoft OLE2Link object contains a vulnerability in the way that it processes remotely-linked content. The remote content is opened based on the application associated with the server-provided MIME type. Some MIME types are dangerous, as they can result in code execution. For example, the application/hta mime type is associated with mshta.exe. Opening arbitrary HTA content is equivalent to executing arbitrary code. This vulnerability is reportedly being exploited in the wild. The exploits used in the wild have the following characteristics:
* The document that triggers the OLE2Link vulnerability is an RTF document that masquerades as a Microsoft Word DOC file.
* The exploit connects to a remote server to obtain an execute an HTA file, which contains VBScript to be executed by the client.
Note that depending on the nature of the vulnerability, it may be possible to target Microsoft Windows components other than Microsoft Word. This vulnerability reportedly affects all versions of Microsoft Office, including Office 2016 on Windows 10. It is also reported that [Microsoft Office Protected View](https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653) can help prevent exploitation without user interaction.
This vulnerability is reportedly being exploited in the wild.
Unavailable Comments