Analysis of CVE-2014-1761 RTF

[Usr6]

Technical Analysis of CVE-2014-1761 RTF Vulnerability.

Recently, Microsoft announced that an RTF sample exploiting CVE-2014-1761 is in the wild. The sample has just become publicly known. I spent some time analyzing the vulnerability and this blog describes what I found. The sample I analyzed has a SHA1 value of 200f7930de8d44fc2b00516f79033408ca39d610. The main module that was used in my analysis is wwlib.dll with file version of 14.0.7113.5001 used in Microsoft Office 2010.

Aici: Technical Analysis of CVE-2014-1761 RTF Vulnerabil... - HP Enterprise Business Community

Patch analysis of latest Microsoft Office vulnerability (CVE-2014-1761):

I wrote about a Microsoft Word vulnerability, which was at that point a zero day, a few weeks ago. Microsoft released the update for this vulnerability with their April 2014 Patch Tuesday. There is some confusion in the industry about the nature of this vulnerability, so I analyzed the patch -- in the process, confirming my previous findings. This blog discusses my results, along with some additional interesting findings related to previous security updates of the RTF parser in Microsoft Office.

CVE-2014-1761 was patched with security bulletin MS14-017. MS14-001 was the latest relevant security update before this update. I compared WWLIB.DLL binaries extracted from MS14-001 (pre-patch binary) and MS14-017 (post-patch binary).

Aici: Patch analysis of latest Microsoft Office vulnerab... - HP Enterprise Business Community

[PingLord]

Poti sa scoti un entropy pattern te rog si sa il postezi ?