CVE-2017-14971
MEDIUMInFocus Mondopad 2.2.08 - Hashed Credential Disclosure via Crafted Microsoft Office Document
Title source: llmDescription
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash.
References (1)
Core 1
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20%3C%202.2.08%20-%20CVE-2017-14971
Scores
CVSS v3
5.5
EPSS
0.0086
EPSS Percentile
54.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
infocuscorp/infocus_mondopad
2.2.08
Published
Oct 09, 2017
Tracked Since
Feb 18, 2026