security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_exploit_cve_2017_11882.yml (#4810)

Browse Source 
Removed https://embedi[.]com/ link as it points to a malaysian casino page now, added a different short blog and the github PoC.
This commit is contained in:
TheLawsOfChaos
2024-04-12 01:26:46 -04:00
committed by GitHub
parent 9078b857a1
commit 93b71ec1bb
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml
+2 -1
View File
@@ -4,7 +4,8 @@ status: stable
description: Detects exploits that use CVE-2017-11882 to start EQNEDT32.EXE and other sub processes like mshta.exe
references:
- https://www.hybrid-analysis.com/sample/2a4ae284c76f868fc51d3bb65da8caa6efacb707f265b25c30f34250b76b7507?environmentId=100
- https://www.google.com/url?hl=en&q=https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about&source=gmail&ust=1511481120837000&usg=AFQjCNGdL7gVwLXaNSl2Td8ylDYbSJFmPw
- https://www.linkedin.com/pulse/exploit-available-dangerous-ms-office-rce-vuln-called-thebenygreen-
- https://github.com/embedi/CVE-2017-11882
author: Florian Roth (Nextron Systems)
date: 2017/11/23
modified: 2021/11/27