Zero day leveraging CVE-2017-8759
Fireeye has published an article on the zero day used by leveraging CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. WSDL parser does not perform the right validation if provided data that contains a CRLF sequence. This allows the attacker to inject a System.Diagnostics.Process.Start method. The generated code will be compiled by csc.exe of .NET framework and loaded by office executable as a DLL.
Wondering if Netwitness Endpoint (ECAT) able to detect this zero day attack. Appreciate for your view or sharing if you manage to achieve some exploits.
- Community Thread
- Forum Thread
- netwitness for endpoint
- RSA ECAT
- RSA NetWitness Endpoint
- RSA NetWitness Platform
Hi Siow Ying Goh,
There is a blog post that was recently published about CVE-2017-8759. Please see blog post on this link - https://community.rsa.com/community/products/netwitness/blog/2017/09/18/malspam-and-cve-2017-8759.
Renelee "AP" R. Manio