Sandworm (CVE-2014-4114) related threat: comprehensive analysis report

2014-10-16T00:00:00
ID MYHACK58:62201454724
Type myhack58
Reporter Anonymous (佚名)
Modified 2014-10-16T00:00:00

Description

1 Threat summary and introduction

CVE-2014-4114 is an arbitrary code execution vulnerability in the handling of INF files by the OLE Package Manager. It affects Windows Vista, Windows 7 and later operating systems, and the attackers used PowerPoint documents as the attack vector. The vulnerable component is the OLE Package Manager in Microsoft Windows client and server editions: the OLE package component packager.dll can download an external INF-like file and execute it, which allows the attacker to run commands.

2 Vulnerability principle

We first obtained a sample with MD5 hash 330e8d23ab82e8a0ca6d166755408eb1 for analysis.

Opening the file in an analysis tool shows that it has two OLE objects embedded in it (see the screenshot in the original report).
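As an added example, not part of the original report, the following Python script performs the same first triage step on a PPTX container: it enumerates the embedded OLE objects under ppt/embeddings/, checks that each starts with the OLE2 (Compound File Binary) magic, and flags objects whose streams mention an INF file name or a UNC path. The flagging heuristics and the sample document it builds in memory are assumptions for illustration, not indicators taken from the report.

```python
import io
import re
import zipfile

# Every embedded OLE object (oleObjectN.bin) is a Compound File Binary and
# starts with this 8-byte magic.
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# Assumed heuristics: an INF file name, or a UNC path that could point a
# Package object at an external location. Not indicators from the report.
SUSPICIOUS = [re.compile(rb"\.inf\b", re.I), re.compile(rb"\\\\[\w.-]+\\", re.I)]


def _views(blob: bytes):
    """Yield the raw bytes plus ASCII views of both UTF-16LE alignments,
    since OLE streams store names in either encoding."""
    yield blob
    for off in (0, 1):
        yield blob[off:].decode("utf-16le", errors="ignore").encode("ascii", "ignore")


def triage_pptx(data: bytes) -> dict:
    """Enumerate embedded OLE objects in a PPTX (OOXML zip) and flag suspicious ones."""
    findings = {"embedded_objects": [], "flagged": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.startswith("ppt/embeddings/"):
                continue
            blob = z.read(name)
            findings["embedded_objects"].append((name, blob.startswith(CFB_MAGIC)))
            if any(p.search(v) for v in _views(blob) for p in SUSPICIOUS):
                findings["flagged"].append(name)
    return findings


def build_sample_pptx() -> bytes:
    """Constructed sample: a minimal PPTX-like zip carrying two embedded OLE objects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        # Object 1: CFB header followed by a UTF-16LE INF file name (constructed).
        z.writestr("ppt/embeddings/oleObject1.bin",
                   CFB_MAGIC + b"\x00" * 8 + "slide1.inf".encode("utf-16le"))
        # Object 2: CFB header with a benign, all-zero payload.
        z.writestr("ppt/embeddings/oleObject2.bin", CFB_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_pptx(build_sample_pptx()))
```

On the constructed sample the script reports two embedded OLE objects and flags only oleObject1.bin; run it against a real document by passing the file's bytes to triage_pptx.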
