Before the patch for this vulnerability was released, the exploit code was able to bypass most security measures; however, FireEye e-mail and network products still detected the related malicious files. FireEye recommends that Microsoft Office users download and install the appropriate patch from Microsoft.

1. The attacker e-mails the target user a Microsoft Word document containing OLE2 embedded and linked objects.
2. When the user opens the document, winword.exe sends an HTTP request to a remote server to retrieve a malicious HTA file.
3. The server returns a fake RTF file with an embedded malicious script.
4. winword.exe looks up the handler for application/hta through a COM object, which causes the Microsoft HTA application (mshta.exe) to load and execute the malicious script.

In the two documents we discovered previously, the malicious script terminates the winword.exe processes, downloads additional payloads, and loads a decoy file. The original winword.exe process is terminated in order to hide the user prompt generated by the OLE2link. The prompt is shown in Figure 1.
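The HTTP exchange described above, in which winword.exe requests a file and the response is handled as application/hta, leaves a trace in web proxy logs. The following detection sketch is an added example, not FireEye's code; the CSV log layout, the user-agent markers, and every host, address and timestamp in the sample are constructed assumptions.

```python
import csv
import io
import posixpath
from urllib.parse import urlsplit

# Constructed sample proxy log. The column layout is an assumption, and the
# hosts, addresses and user-agent strings are placeholders.
SAMPLE_LOG = """\
time,client,user_agent,url,content_type
2017-04-11T09:01:12Z,10.0.0.21,Microsoft Office/15.0 (Windows NT 6.1; Microsoft Word 15.0),http://files.example.test/report.rtf,application/rtf
2017-04-11T09:02:40Z,10.0.0.34,Microsoft Office/15.0 (Windows NT 6.1; Microsoft Word 15.0),http://cdn.example.test/invoice.doc,application/hta
2017-04-11T09:03:05Z,10.0.0.34,Mozilla/5.0 (Windows NT 10.0),http://intranet.example.test/tool.hta,application/hta
2017-04-11T09:04:51Z,10.0.0.57,Microsoft Office/15.0 (Windows NT 6.1; Microsoft Word 15.0),http://cdn.example.test/template.rtf,Application/HTA; charset=utf-8
"""

# Assumption: Office clients are recognisable by these user-agent substrings.
OFFICE_UA_MARKERS = ("microsoft office", "ms-office")
DOC_EXTS = {".rtf", ".doc", ".docx"}


def media_type(header_value):
    """Return the bare media type, lower-cased, with parameters stripped."""
    return header_value.split(";", 1)[0].strip().lower()


def is_office_client(user_agent):
    ua = user_agent.lower()
    return any(marker in ua for marker in OFFICE_UA_MARKERS)


def looks_like_document(url):
    """True when the URL path ends in a document extension."""
    return posixpath.splitext(urlsplit(url).path)[1].lower() in DOC_EXTS


def find_hta_to_office(log_text):
    """Return (client, url, ext_mismatch) for HTA responses sent to Office."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if not is_office_client(row["user_agent"]):
            continue  # browsers fetching .hta files are out of scope here
        if media_type(row["content_type"]) == "application/hta":
            hits.append((row["client"], row["url"], looks_like_document(row["url"])))
    return hits


if __name__ == "__main__":
    for client, url, mismatch in find_hta_to_office(SAMPLE_LOG):
        print(client, url, "document-extension mismatch" if mismatch else "")
```

The third field marks responses where the URL claims a document type while the server declares application/hta, which matches the fake RTF file in step 3.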