From 93b71ec1bbcff325709b07f0db42947690d7dee8 Mon Sep 17 00:00:00 2001
From: TheLawsOfChaos <TheLawsOfChaos@users.noreply.github.com>
Date: Fri, 12 Apr 2024 01:26:46 -0400
Subject: [PATCH] Update proc_creation_win_exploit_cve_2017_11882.yml (#4810)

Removed https://embedi[.]com/ link as it points to a malaysian casino page now, added a different short blog and the github PoC.
---
 .../proc_creation_win_exploit_cve_2017_11882.yml               | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml b/rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml
index a1f17f442..a68aafcfc 100644
--- a/rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml
+++ b/rules-emerging-threats/2017/Exploits/CVE-2017-11882/proc_creation_win_exploit_cve_2017_11882.yml
@@ -4,7 +4,8 @@ status: stable
 description: Detects exploits that use CVE-2017-11882 to start EQNEDT32.EXE and other sub processes like mshta.exe
 references:
     - https://www.hybrid-analysis.com/sample/2a4ae284c76f868fc51d3bb65da8caa6efacb707f265b25c30f34250b76b7507?environmentId=100
-    - https://www.google.com/url?hl=en&q=https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about&source=gmail&ust=1511481120837000&usg=AFQjCNGdL7gVwLXaNSl2Td8ylDYbSJFmPw
+    - https://www.linkedin.com/pulse/exploit-available-dangerous-ms-office-rce-vuln-called-thebenygreen-
+    - https://github.com/embedi/CVE-2017-11882
 author: Florian Roth (Nextron Systems)
 date: 2017/11/23
 modified: 2021/11/27