This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Zero day leveraging CVE-2017-8759

SiowYingGoh
Beginner
Beginner

‎2017-09-13 11:52 PM

Fireeye has published an article on the zero day used by leveraging CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. WSDL parser does not perform the right validation if provided data that contains a CRLF sequence. This allows the attacker to inject a System.Diagnostics.Process.Start method. The generated code will be compiled by csc.exe of .NET framework and loaded by office executable as a DLL.

 

Wondering if Netwitness Endpoint (ECAT) able to detect this zero day attack. Appreciate for your view or sharing if you manage to achieve some exploits. 

Labels:
0 Likes
1 REPLY 1

ReneleeManio
Occasional Contributor Occasional Contributor
Occasional Contributor

‎2017-09-18 08:47 PM

Hi Siow Ying Goh‌,

 

There is a blog post that was recently published about CVE-2017-8759. Please see blog post on this link - https://community.rsa.com/community/products/netwitness/blog/2017/09/18/malspam-and-cve-2017-8759.

 

regards,

Renelee "AP" R. Manio

© 2022 RSA Security LLC or its affiliates. All rights reserved.