A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net

! Recently intercepted an extension doc word document to attack the samples, which format is actually RTF format. By analyzing the document composition the use of a cve-2017-11882 and cve-2018-0802 vulnerability, and use the embedded excel object is used to trigger the vulnerability. The release ...

A CVE-2017-11882 vulnerability is a new variation of a sample of the debugging and analysis-vulnerability warning-the black bar safety net

Recently harvested a suffix called doc word document, view the After is actually a rich text format document. In a test environment to open after the discovery of a network connection and executing a program of action, determine the sample is malware document. After a preliminary analysis, found...

Null pointer dereference

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

CVE-2018-4040

The CVE-2018-4040 issue affects Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2, with a root cause described as an uninitialized pointer in the Rich Text Format (RTF) parser leading to heap corruption and potential code execution when a victim opens a crafted document. Cisco Talos’ advisory ...

The use of a posture clear odd 11882 format overflow document analysis-vulnerability warning-the black bar safety net

Prior to inadvertently give a very interesting rtf document, the sandbox where the behavior of a pile, the document itself and confuse the very clear odd, so spend a little time to analyze this sample. Substantially clear the sample of the attack techniques and attack the chain, the open part of...

Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox

This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki...

XenMobile: Supported File Formats with Quick Edit

Question and Answers Which all file formats are supported within Quick Edit? QuickEdit supports the following types of files: Microsoft Word – .doc and .docx Microsoft Excel – .xls and .xlsx Microsoft PowerPoint – .ppt and .pptx PDF TXT and RTF iOS only CSV iOS only GIF, JPEG, BMP, and PNG These...

Design/Logic Flaw

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVE-2018-3975

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVE-2018-3975

Cisco Talos reports CVE-2018-3975 as an Atlants Word Processor 3.2.6 RTF-parsing vulnerability. The flaw is an exploitable uninitialized OLE document pointer (offset -0x8e0) used when parsing RTF tokens; if an attacker can control the stack, they can trigger an out-of-bounds write that can lead t...

CVE-2018-3975

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability

Summary An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. Tested Version...

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

An attacker with Office vulnerability propagation FELIXROOT Backdoor-vulnerability warning-the black bar safety net

! One, the attack event details 2017 9 months, in response to Ukrainian attacks, FireEye found FELIXROOT Backdoor this malicious payload, and feedback to our intelligence perception of the customers. The attack activities using some malicious Ukrainian banks document that contains a macro, used t...

Exploit for Out-of-bounds Write in Microsoft

CVE-2018-8174EXP usage: CVE-2018-8174.py -h -u URL -o OUTPU...

CVE-2018-8174

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

Sea Lotus APT groups use CVE-2017-8570 vulnerability of the new sample and Association analysis-vulnerability warning-the black bar safety net

Sea Lotus（OceanLotus）APT gang is a highly organized, professional foreign national hacker group, the oldest by 360 days eye Labs discovered and disclosed. The organization since at least 2012 and 4 January will be for the Chinese government, research institutes, Maritime institutions, Maritime...

Microsoft Office Information Disclosure (CVE-2018-0950)

A vulnerability exists in RTF based emails which cause information disclosure through Outlook on Windows. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a...

Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

A vulnerability in Microsoft Outlook allowed hackers to steal a user’s Windows password just by having the target preview an email with a Rich Text Format RTF attachment that contained a remotely hosted OLE object. The bug was patched by Microsoft as part of its April Patch Tuesday fixes, over a...

Flaw in Microsoft Outlook Lets Hackers Easily Steal Your Windows Password

A security researcher has disclosed details of an important vulnerability in Microsoft Outlook for which the company released an incomplete patch this month—almost 18 months after receiving the responsible disclosure report. The Microsoft Outlook vulnerability CVE-2018-0950 could allow attackers ...