The 2018 Pwnie Nominee For Best Client-Side Bug

CVE-2017-11882

Credit: Denis Selianin from Embedi

The Microsoft Equation Editor (EQNEDT32.EXE) has apparently been frozen in time since 2000, rocking out to Creed, and not utilizing a single one of the numerous exploitation mitigations invented since then. Apparently, it didn’t get the memo about how that’s not cool anymore. And also that mitigations are a good idea.

The researchers at Embedi discovered this bug and developed an exploit for it that affects all versions of Microsoft Office and Windows versions released over the last 17 years, taking it higher to the place where blind men see.

You may also enjoy this short tutorial video on how to check for updates and launch calculators on many versions of Windows.