52 matches found
EUVD-2010-3449
Malware in sbrugna...
EUVD-2010-3450
Malware in sbrugna...
CVE-2013-0710
Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows remote attackers to execute arbitrary code via a crafted RTF document...
Cycldek: Bridging the (air) gap
Key findings While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into it...
The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net
Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...
Sea Lotus APT groups use CVE-2017-8570 vulnerability of the new sample and Association analysis-vulnerability warning-the black bar safety net
Sea Lotus(OceanLotus)APT gang is a highly organized, professional foreign national hacker group, the oldest by 360 days eye Labs discovered and disclosed. The organization since at least 2012 and 4 January will be for the Chinese government, research institutes, Maritime institutions, Maritime...
Analyzing an exploit for СVE-2017-11826
The latest Patch Tuesday 17 October brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX...
The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability(CVE-2016-4324)
SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...
Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability
Overview The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The PrintClientProxy method in the WSDL-parsing component of the Microsoft .NET framework fails to properly...
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft...
Microsoft Office OLE2Link vulnerability (CVE-2017-0199)
Vulnerability details references: Office OLE2Link zero-day from NCCGroup) CVE-2017-0199: In the Wild Attacks Leveraging the HTA Handler From FireEye) HTAsThe Microsoft OLE2Link object contains a vulnerability in the way that it processes remotely-linked content. The remote content is opened based...
Hand to hand teach you how to construct the office exploits EXP(fourth period)-bug warning-the black bar safety net
This is a period of vulnerability to share with you is CVE-2015-1641 learning summary, this vulnerability due to its good versatility and stability claims to have replaced the CVE-2012-0158 trend. The vulnerability is a type confusion class of vulnerability, through which you can achieve arbitrar...
Memory corruption
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps...
CVE-2016-7193
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps...
Microsoft Office Information Disclosure (MS16-070: CVE-2016-3234)
An out of bound memory access vulnerability was discovered within Microsoft office word. The root cause comes from wwlib.dll sub components that could lead to an out of bound memory read when processing a malformed rtf document...
word type confusion Vulnerability CVE-2 0 1 5-1 6 4 1 Analysis-vulnerability warning-the black bar safety net
Vulnerability overview This year 4 month, Microsoft patched a named CVE-2 0 1 5-1 6 4 1 word type confusion vulnerability, an attacker can construct the embedded docx rtf documents to attack. word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...
Researchers Outline New Italian RAT uWarrior
Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document. Researchers with Palo Alto Networks’ research division, Unit 42, described the malware and how it appears to have emanated from an “unknown actor of Italian origin,” in a...
CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...
CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...
CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...