Handling of suspicious Office files

Discussion in 'other security issues & news' started by lucas1985, Jun 18, 2007.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    SANS.org discussion
    Code:
    dhahran:/tmp# hexdump -C malicious.doc | grep "UPX" 
    0103d0 55 50 58 30 00 00 00 00 00 20 12 00 00 10 00 00 |UPX0..... ......| 
    0103f0 00 00 00 00 80 00 00 e0 55 50 58 31 00 00 00 00 |........UPX1....| 
    010420 55 50 58 32 00 00 00 00 00 10 00 00 00 60 12 00 |UPX2.........`..| 
    0105e0 55 50 58 21 0c 09 05 06 5c 5d 41 a8 32 6d b5 68 |UPX!....\]A.2m.h| 
    
    OfficeCat
    Code:
    Vulnerabilities Checked by OfficeCat:
    
    - CVE Entries:
    
    CVE-2006-0001 
    CVE-2006-1301 
    CVE-2006-1306 
    CVE-2006-1308 
    CVE-2006-1540 
    CVE-2006-2492 
    CVE-2006-3014 
    CVE-2006-3086 
    CVE-2006-3431 
    CVE-2006-3432 
    CVE-2006-3493 
    CVE-2006-3590 
    CVE-2006-3656 
    CVE-2006-3864 
    CVE-2006-3865 
    CVE-2006-3875 
    CVE-2006-3876 
    CVE-2006-3877 
    CVE-2006-4534 
    CVE-2006-4694 
    CVE-2006-4700 
    CVE-2006-4701 
    CVE-2006-5994 
    CVE-2006-5995 
    CVE-2006-6456 
    CVE-2006-6561 
    CVE-2007-0027 
    CVE-2007-0030 
    CVE-2007-0031 
    CVE-2007-0515 
    CVE-2007-0671 
    
    - Microsoft Advisories:
    
    MS06-059 
    MS06-062 
    MS07-002 
    MS07-014 
    MS07-015 
    
    STG: MFC Docfile Viewer
    FileAlyzer

    Useful threads:
    - Executable types and Malware
    - Antivirus is DEAD!
    - Preventing MSWord Exploits
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Nice one, cheers!
    Mrk
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The final goal is to make a collection of tools/techniques/procedures which can help in determining the safety/legitimacy of a file without having programming/virus analyst skills.
    Without this, what's the purpose of a security setup if somebody can't say (with enough certainty) if a file is harmful or not?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Don't forget the ultimate tool - Linux. Any decent file explorer - so to say - in a Linux distro, will correctly display file type, plus allow you very safe handling of Windows files, without any fear of getting infected or such. To say nothing of hexing.
    Mrk
     
Loading...
Thread Status:
Not open for further replies.