During Anomali Threat Researcher’s tracking of the “Royal Road” Rich Text Format (RTF) weaponizer, commonly used by multiple Chinese threat actors to exploit CVE-2017-11882 and CVE-2018-0802, it was discovered that multiple Chinese threat groups updated their weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798 late 2018. We believe the groups moved to use CVE-2018-0798 instead of the other Microsoft Equation Editor Remote Code Execution (RCE) vulnerabilities because the former is more reliable as it works on all known versions of Equation Editor.

REFERENCE:
https://www.anomali.com/blog/multiple-chinese-threat-groups-exploiting-cve-2018-0798-equation-editor-vulnerability-since-late-2018
TAG:
GROUP: