Friday, May 15, 2009

OLE2 Fragmentation Befuddles Most AV Vendors

BreakingPoint Labs has discovered that heavily fragmenting Office documents causes AV and IDS products to miss exploits embedded in them the majority of the time. Writeup by H.D. here.
It's important to note that Sourcefire's Office Cat tool uses the OLE API to parse the stream and find the exploit regardless of how fragmented it is.
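
Why parsing the stream matters, as an added example (not Office Cat's code and not taken from the writeup): an OLE2 file stores a stream as a chain of sectors linked through the FAT, so the bytes a scanner cares about need not be contiguous on disk. The sketch below uses a simplified in-memory model of sectors and a FAT, with a constructed harmless marker; `read_chain`, `build_sample` and `scan` are hypothetical names.

```python
SECTOR_SIZE = 512          # sector size for a version 3 compound file
ENDOFCHAIN = 0xFFFFFFFE    # FAT value marking the last sector of a chain
FREESECT = 0xFFFFFFFF      # FAT value for an unallocated sector


def read_chain(sectors, fat, start, size):
    """Follow the FAT chain from `start` and return the stream's logical bytes."""
    out, seen, sid = bytearray(), set(), start
    while sid != ENDOFCHAIN:
        # Reject chains that leave the file or revisit a sector (parser DoS guard).
        if sid >= len(sectors) or sid in seen:
            raise ValueError("corrupt or looping FAT chain at sector %d" % sid)
        seen.add(sid)
        out += sectors[sid]
        sid = fat[sid]
    return bytes(out[:size])


def build_sample(marker):
    """Constructed sample: one stream whose sectors are stored out of order."""
    half = len(marker) // 2
    logical = [
        b"A" * (SECTOR_SIZE - half) + marker[:half],   # marker begins at end of piece 0
        marker[half:] + b"B" * (SECTOR_SIZE - (len(marker) - half)),
        b"C" * 100 + b"\0" * (SECTOR_SIZE - 100),
    ]
    order = [5, 1, 3]  # physical sector holding each logical piece
    sectors = [b"\0" * SECTOR_SIZE for _ in range(6)]
    fat = [FREESECT] * 6
    for i, sid in enumerate(order):
        sectors[sid] = logical[i]
        fat[sid] = order[i + 1] if i + 1 < len(order) else ENDOFCHAIN
    return sectors, fat, order[0], 2 * SECTOR_SIZE + 100


def scan(marker):
    """Return (hit on raw on-disk bytes, hit on the reassembled stream)."""
    sectors, fat, start, size = build_sample(marker)
    raw_hit = marker in b"".join(sectors)
    stream_hit = marker in read_chain(sectors, fat, start, size)
    return raw_hit, stream_hit


if __name__ == "__main__":
    print(scan(b"CONSTRUCTED-TEST-MARKER"))
```

A scanner that matches signatures against the file as stored sees the first result; one that reassembles each stream before matching sees the second.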
