Written by: Genwei Jiang, Rahul Mohandas, Jonathan Leathery, Alex Berry, Lennard Galang FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exp
![CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler « Threat Research Blog | FireEye Inc](https://cdn-ak-scissors.b.st-hatena.com/image/square/055f96975d0bb5dcb80628c3fc26da1b1b2c9a5f/height=288;version=1;width=512/https%3A%2F%2Fstorage.googleapis.com%2Fgweb-cloudblog-publish%2Fimages%2Fthreat-intelligence-default-banner-simplif.max-2600x2600.png)