Intel Name: How a malicious Excel file (CVE-2017-0199) delivers the FormBook payload
Date of Scan: June 6, 2025
Impact: High
Summary: Our team recently identified a high-severity phishing campaign targeting users of outdated Microsoft Office applications through malicious email attachments. The emails contain an Excel file that exploits the CVE-2017-0199 vulnerability in the OLE (Object Linking and Embedding) feature of older Office versions. The campaign distributes FormBook, an infostealer malware capable of capturing login credentials, keystrokes, and clipboard data. Once the malicious file is opened, a sequence of actions is triggered to deploy the FormBook payload.