Detect CVE-2023-36884
yoshimo opened this issue · 1 comments
yoshimo commented
Is your feature request related to a problem? Please describe.
CVE-2023-36884 seems to be a RCE opportunity in office files
Describe the solution you'd like
Find the documents that exploit this vulnerability
Describe alternatives you've considered
Blocking all office documents.
decalage2 commented
Resources to be checked:
- https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
- https://www.trellix.com/en-us/about/newsroom/stories/research/breaking-down-cve-2023-36884-and-the-infection-chain.html
Samples:
- Overview_of_UWCs_UkraineInNATO_campaign.docx [2400b169ee2c38ac146c67408debc9b4fa4fca5f]: https://app.any.run/tasks/e9c2f1a4-df46-4c5d-ada0-1afe2884b856/
- Letter_NATO_Summit_Vilnius_2023_ENG (1).docx [3de83c6298a7dc6312c352d4984be8e1cb698476]: https://app.any.run/tasks/bcaebc71-511b-4a27-8c51-99285acdac71/