BreakingPoint Labs has discovered that heavily fragmenting Office documents causes AV and IDS products to miss exploits embedded in them the majority of the time. Writeup by H.D. here.
It's important to note that Sourcefire's Office Cat tool uses the OLE API to parse the stream and find the exploit regardless of how fragmented it is.
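Why parsing the stream matters for detection, as an added example that is not from the BreakingPoint writeup or from Office Cat: a simplified model of an OLE sector chain in which a byte-pattern match over the file in physical order misses a marker that following the allocation chain recovers. The 16-byte sectors, the helper names and the `TEST-SIGNATURE` marker are constructed for illustration, and the header, DIFAT and directory of a real compound file are omitted.

```python
ENDOFCHAIN = 0xFFFFFFFE  # FAT value marking the last sector of a chain
FREESECT = 0xFFFFFFFF    # FAT value marking an unallocated sector
SECTOR_SIZE = 16         # tiny for readability; real files use 512 or 4096

def read_stream(sectors, fat, start, size):
    """Follow the FAT chain from `start`, rejecting malformed chains."""
    out, seen, sid = bytearray(), set(), start
    while sid != ENDOFCHAIN:
        # Out-of-range or repeated sector ids mean a corrupt or hostile FAT.
        if sid >= len(sectors) or sid in seen:
            raise ValueError(f"bad FAT chain at sector {sid}")
        seen.add(sid)
        out += sectors[sid]
        sid = fat[sid]
    return bytes(out[:size])

def build_fragmented(payload, order):
    """Store payload chunk i in physical sector order[i]; gaps stay free."""
    chunks = [payload[i:i + SECTOR_SIZE].ljust(SECTOR_SIZE, b"\0")
              for i in range(0, len(payload), SECTOR_SIZE)]
    n = max(order) + 1
    sectors, fat = [b"\xcc" * SECTOR_SIZE] * n, [FREESECT] * n
    for i, (slot, chunk) in enumerate(zip(order, chunks)):
        sectors[slot] = chunk
        fat[slot] = order[i + 1] if i + 1 < len(chunks) else ENDOFCHAIN
    return sectors, fat, order[0]

def raw_scan(sectors, sig):
    """What a byte-pattern matcher sees: sectors in physical file order."""
    return sig in b"".join(sectors)

def stream_scan(sectors, fat, start, size, sig):
    """What a structure-aware parser sees: the reassembled logical stream."""
    return sig in read_stream(sectors, fat, start, size)

SIG = b"TEST-SIGNATURE"                # constructed, benign marker
PAYLOAD = b"A" * 10 + SIG + b"B" * 10  # marker straddles a sector boundary
SECTORS, FAT, START = build_fragmented(PAYLOAD, [4, 1, 3])

if __name__ == "__main__":
    print("raw scan hit:   ", raw_scan(SECTORS, SIG))
    print("stream scan hit:", stream_scan(SECTORS, FAT, START, len(PAYLOAD), SIG))
```

The chain walker also rejects cyclic or out-of-range chains, which a scanner that reassembles streams has to tolerate in untrusted files.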
Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.