Didier Stevens

Tuesday 2 August 2016

rtfdump: Update And Videos

Filed under: maldoc,My Software,Update — Didier Stevens @ 0:00

I made a small update to rtfdump and added new rules to rtf.yara.

This video is an intro to rtfdump:

This is a video on an RTF maldoc (MD5 07884483f95ae891845caf0d50ce507f) that contains an exploit for MS12-027 CVE-2012-0158:

This is a video on an RTF maldoc (MD5 4483ad299158eb54f6ff58b5346a36ee) that contains an exploit for MS10-087 CVE-2010-3333:

rtfdump_V0_0_3.zip (https)
MD5: 59DC23EE55F76C065A2A718DDFDB0E4E
SHA256: 46F9D768C6976AD5D4018EFDFD35DAE4212FEAE57871434A33CAEF028CB4CBA2

2 Comments »

  1. […] Didier Stevens made a small update to rtfdump.py (now at version 0.0.3) and added new rules to rtf.yara. The blog post also includes videos that he’s uploaded showing his examination on a couple of RTF files containing known exploits. rtfdump: Update And Videos […]

    Pingback by Week 31 – 2016 – This Week In 4n6 — Sunday 7 August 2016 @ 13:21

  2. […] rtfdump: Update And Videos […]

    Pingback by Overview of Content Published In August | Didier Stevens — Sunday 18 September 2016 @ 18:36

