Siow Ying Goh

Zero day leveraging CVE-2017-8759

Discussion created by Siow Ying Goh on Sep 13, 2017
Latest reply on Sep 18, 2017 by Renelee Manio

Fireeye has published an article on the zero day used by leveraging CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. WSDL parser does not perform the right validation if provided data that contains a CRLF sequence. This allows the attacker to inject a System.Diagnostics.Process.Start method. The generated code will be compiled by csc.exe of .NET framework and loaded by office executable as a DLL.


Wondering if Netwitness Endpoint (ECAT) able to detect this zero day attack. Appreciate for your view or sharing if you manage to achieve some exploits.