GitHub - 0x09AL/CVE-2017-11882-metasploit: This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.
Malicious RTF Analysis CVE-2017-11882 by a Reader - SANS Internet Storm Center
The Cobalt group is exploiting the CVE-2017-11882 Microsoft Office flaw in targeted attacks
Analysis of CVE-2017-11882 Exploit in the Wild
Analysis of CVE-2017-11882 Exploit in the Wild
Analysis of CVE-2017-11882 Exploit in the Wild
Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw