A EXCEL the vulnerabilities the sample shellcode analysis-vulnerability warning-the black bar safety net

ID MYHACK58:62201457131
Type myhack58
Reporter 佚名
Modified 2014-12-20T00:00:00


0x00 causes

Recently I got a EXCEL samples, allegedly an over-all anti-virus of 0day, after the analysis after a let me disappointed, this is a 2 0 1 2-year old vulnerability, not 0day the. Although not picked to the 0day, but this sample of shellcode is still quite distinctive, it is indeed possible to bypass most of the antivirus and Proactive Defense. Following on to analyze this EXCEL EXP the use of exploits and shellcode techniques.

0x01 vulnerability analysis

The vulnerability is CVE-2 0 1 2-0 1 5 8, a stack overflow vulnerability, a vulnerability causes MSCOMCTL. OCX in parsing a flag for the Cobj structure when the direct use of the contents of the file data as the copy length, resulting in the copy of the data can overwrite a function return address, causing a stack overflow vulnerability.

! !

On the vulnerability analysis there are many online, here not as the analysis focus, we mainly look at this exp shellcode is how to write to bypass the antivirus software.

0x02 Shellcode1

[1] [2] [3] [4] [5] [6] [7] next