How A Malicious Excel File (CVE-2017-0199) Delivers The FormBook Payload
Fortinet, Thursday, June 5th, 2025
FortiGuard Labs recently observed a high-severity phishing campaign that targets users of older versions of Microsoft Office applications through malicious email attachments.
The emails deliver an Excel file designed to exploit CVE-2017-0199, a known flaw in the OLE (Object Linking and Embedding) functionality of older versions of Microsoft Office. The malware spread in this campaign is FormBook, an information stealer known for its ability to capture sensitive data, including login credentials, keystrokes, and clipboard information. When the malicious Excel file is opened, the malware performs a series of operations that ultimately run the FormBook payload.