An active malware campaign using emails in European languages distributes RTF files with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. The same bug was at the heart of a campaign in late 2018 and early 2019 that distributed the most recent version of the.Hawkeye keylogger. The vulnerability was fixed in November 2017, but to this day, we still observe the exploit in attacks, Microsoft Security Intelligence tweeted.
Source: https://threatpost.com/microsoft-arbitrary-code-execution-old-bug/145527/