Crashing explorer.exe with(out) a click, (Mon, Mar 30th)

by nateUncategorizedPosted on Comments are Disabled

In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One, which allowed us to brute-force contents of folders without any permissions[1], and another, which enabled us to change names of files and folders without actually renaming them[2]. Today, we’ll add another vulnerability/weakness to the collection – this one will …

Read more “Crashing explorer.exe with(out) a click, (Mon, Mar 30th)”

Crashing explorer.exe with(out) a click, (Mon, Mar 30th)

by nateUncategorizedPosted on Comments are Disabled

In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One, which allowed us to brute-force contents of folders without any permissions[1], and another, which enabled us to change names of files and folders without actually renaming them[2]. Today, we’ll add another vulnerability/weakness to the collection – this one will …

Read more “Crashing explorer.exe with(out) a click, (Mon, Mar 30th)”

Crashing explorer.exe with(out) a click, (Mon, Mar 30th)

by nateUncategorizedPosted on Comments are Disabled

In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One, which allowed us to brute-force contents of folders without any permissions[1], and another, which enabled us to change names of files and folders without actually renaming them[2]. Today, we’ll add another vulnerability/weakness to the collection – this one will …

Read more “Crashing explorer.exe with(out) a click, (Mon, Mar 30th)”

Crashing explorer.exe with(out) a click, (Mon, Mar 30th)

by nateUncategorizedPosted on Comments are Disabled

In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One, which allowed us to brute-force contents of folders without any permissions[1], and another, which enabled us to change names of files and folders without actually renaming them[2]. Today, we’ll add another vulnerability/weakness to the collection – this one will …

Read more “Crashing explorer.exe with(out) a click, (Mon, Mar 30th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”

Obfuscated Excel 4 Macros, (Sun, Mar 29th)

by nateUncategorizedPosted on Comments are Disabled

2 readers (anonymous and Robert) submitted very similar malicious spreadsheets with almost no detections on VT: c1394e8743f0d8e59a4c7123e6cd5298 and a03ae50077bf6fad3b562241444481c1. These files contain Excel 4 macros (checking with oledump.py here): There are a lot of cells in this spreadsheet with a call to the CHAR function: These CHAR formulas evaluate to ASCII characters, that are then …

Read more “Obfuscated Excel 4 Macros, (Sun, Mar 29th)”