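CVE-2017-8570 Exp and Exploit Sample Analysis
CVE-2017-0261 and Exploit Sample Analysis 0x01 Vulnerability Description Cause: when an Office document is opened, FLTLDR.EXE is used to render the embedded EPS file that contains the vulnerability. The file is written in the PostScript language and can be exploited by an attacker through "save-restore" operations; in essence it is a UAF vulnerability. When a user opens a file containing a malformed graphics image, or when the user takes a malformed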
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote malicious users to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
Vulnerable Product |
---|
microsoft office 2010 |
microsoft office 2013 |
microsoft office 2007 |
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an Android sandbox. In this article, we will look at just one of them that was customized to serve the needs of a specific product and became the basis of Kaspersky Anti Targeted Attack Platform. This part...
If they were asked to sum up 2016 in a single word, many people around the world – particularly those in Europe and the US – might choose the word ‘unpredictable’. On the face of it, the same could apply to cyberthreats in 2016: the massive botnets of connec...
Earlier in the year, as part of an incident response investigation, we uncovered a new version of the Skimer ATM malware. The malware, which first surfaced in 2009, has been re-designed. So too have the tactics of the cybercriminals using it. The new ATM infector has been targeting ATMs around the world, including the UAE, France, the United States, Russia, Macau, China, the Philippines, Spain, Germany, Georgia, Poland, Brazil and the Czech Republic. Rather than th...
CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1. The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protection methods. The exploit was discovered in the wild in August 2015, when it...
"Operation Ke3chang" updates 'Tidepool' malware to target MS Word mess
Attackers have revamped their malware to better target embassy staff, says a Palo Alto Networks security team. The "Operation Ke3chang" campaign is slinging the TidePool malware which it has quietly upgraded over recent years. Researchers Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn and Tom Keigher say the group slipped under analysts' radars since 2013 and took the opportunity to hit Indian embassies around the world. "Despite going unreported on since 2013, Operation Ke3chang has...