Avast community forum
Topic: Undetected CVE-2017-11882 (Read 1825 times)
KDibble (Sr. Member, Posts: 229)
Undetected CVE-2017-11882 « on: June 20, 2019, 08:24:02 PM »
At VirusTotal:
https://www.virustotal.com/gui/file/33460b47d955bb765d583e410e994b8ce5e22be93176ab0297df04a54cc75b47/detection
This was sent via email to us earlier today. 23/57 engines detect malware. Avast is not among them.
[Edited to correct typo, and to add:]
The file is an Excel spreadsheet.
« Last Edit: June 20, 2019, 08:46:30 PM by KDibble »

Pondus (Probably Bot, Posts: 37534, Not a avast user)
Re: Undetected CVE-2017-11882 « Reply #1 on: June 20, 2019, 09:56:21 PM »
Report a malicious sample (select file or website)
https://www.avast.com/report-malicious-file.php

KDibble (Sr. Member, Posts: 229)
Re: Undetected CVE-2017-11882 « Reply #2 on: June 20, 2019, 10:01:23 PM »
Reported.
Thanks, Pondus.

Pondus (Probably Bot, Posts: 37534, Not a avast user)
Re: Undetected CVE-2017-11882 « Reply #3 on: June 20, 2019, 10:03:23 PM »
Quote from: KDibble on June 20, 2019, 10:01:23 PM
Reported.
Thanks, Pondus.
You're welcome
Info on how to report to avast lab is found in one of the two sticky posts at top in this section
« Last Edit: June 20, 2019, 10:17:30 PM by Pondus »

polonus (Avast Überevangelist, Probably Bot, Posts: 33904, malware fighter)
Re: Undetected CVE-2017-11882 « Reply #4 on: June 20, 2019, 11:56:58 PM »
Read how this COBALT payload exploiting went unnoticed for 17 years:
https://blog.reversinglabs.com/blog/reversinglabs-yara-rule-detects-cobalt-payload-exploiting-cve-2017-11882
and likewise:
https://www.mimecast.com/blog/2019/03/the-return-of-the-equation-editor-exploit--difat-overflow/
combining the first Equation Editor Exploit with an attack amplifier and a way to render it to go undetected.
Cybercriminals here were a special group from Serbia, that were using specially-crafted Microsoft Word documents
to take advantage of how Microsoft Word handles Integer Overflow errors in the OLE file format,
abusing OLE formats in this way.
The MS Office dropper can be detected using the YARA rule “potential_CVE_2017_11882_v2.yara”.
Download here:
https://www.reversinglabs.com/sites/files/downloads/potential_CVE_2017_11882_v2.yara
What more undocumented surprises to be abused Microsoft has in store for us.
This is why for military & critical infrastructure for the Russian Federation,
they recently started to steer away from proprietary Microsoft to embrace their own form of hardened linux OS,
named Astra Linux.
polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
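
A triage check for the Equation Editor objects this thread is about, as an added example that is not part of the original posts and is not the ReversingLabs YARA rule: it flags OLE containers (a legacy Office file, or parts embedded in an OOXML ZIP file) that carry the Equation Editor 3.0 class ID or an "Equation Native" stream. The function names, the size cap and the sample bytes are assumptions constructed for illustration; a hit means an equation object is present, not that the file is malicious.

```python
import io
import uuid
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Compound File Binary signature
# Equation Editor 3.0 class ID in the little-endian layout used inside OLE files
EQN_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le
EQN_STREAM = "Equation Native".encode("utf-16-le")  # stream names are UTF-16LE
MAX_PART = 32 * 1024 * 1024  # assumed cap: skip oversized ZIP members


def scan_ole(blob):
    """Return the Equation Editor indicators present in one OLE container."""
    if not blob.startswith(OLE_MAGIC):
        return []
    hits = []
    if EQN_CLSID in blob:
        hits.append("equation-clsid")
    if EQN_STREAM in blob:
        hits.append("equation-native-stream")
    return hits


def triage(data):
    """Map each OLE part of a legacy or OOXML Office file to its indicators."""
    findings = {}
    if data.startswith(OLE_MAGIC):
        findings["<file>"] = scan_ole(data)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_PART:  # e.g. xl/embeddings/*.bin
                    findings[info.filename] = scan_ole(zf.read(info))
    return {part: hits for part, hits in findings.items() if hits}


def constructed_samples():
    """Constructed byte strings (not real documents): OLE hit, OLE clean, OOXML hit."""
    ole = OLE_MAGIC + b"\x00" * 504 + EQN_CLSID + b"\x00" * 16 + EQN_STREAM
    clean = OLE_MAGIC + b"\x00" * 504 + "Workbook".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin", ole)
    return ole, clean, buf.getvalue()


if __name__ == "__main__":
    for label, sample in zip(("ole", "clean", "ooxml"), constructed_samples()):
        print(label, triage(sample))
```

Files that match are candidates for closer inspection or quarantine at the mail gateway; password-protected documents are not covered, because their contents are encrypted inside the container.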

KDibble (Sr. Member, Posts: 229)
Re: Undetected CVE-2017-11882 « Reply #5 on: June 24, 2019, 03:47:55 PM »
This is now detected by 8.0.1609. pattern file version 190624-0.
Thanks everyone!