More from Haifei Li
Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826
McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office...
Critical Office Zero-Day Attacks Detected in the Wild
At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we...
Patch Now: Simple Office ‘Protected View’ Bypass Could Have Big Impact
Protected View is a security feature of Microsoft Office. According to research from MWR Labs, Protected View mode is a strong...
Threat Actors Employ COM Technology in Shellcode to Evade Detection
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it...
Threat Actors Use Encrypted Office Binary Format to Evade Detection
This blog post was written in conjunction with Xiaoning Li. Microsoft Office documents play an important role in our work...
McAfee Adds Flash Exploit Detection to NSP 8.2
Adobe Flash vulnerabilities and exploits have worried users and security professionals for many years. The situation today remains serious. A...
Bypassing Microsoft’s Patch for the Sandworm Zero Day
This is the second part of our analysis of the Sandworm OLE zero-day vulnerability and the MS14-060 patch bypass. Check out...
Bypassing Microsoft’s Patch for the Sandworm Zero Day, the Root Cause
On October 21, we warned the public that a new exploitation method could bypass Microsoft’s official patch (MS14-060, KB3000869) for...
New Exploit of Sandworm Zero-Day Could Bypass Official Patch
Update of October 25: Some comments posted after we published this report suggest that our proof-of-concept exploit will trigger the...
Dropping Files Into Temp Folder Raises Security Concerns
Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have...
- 1
- 2
