Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-07-12



Jump List Files Are OLE Files

Published: 2015-07-12
Last Updated: 2015-07-13 04:36:47 UTC
by Didier Stevens (Version: 1)
1 comment(s)

Jump List files are another file type that is actually an OLE file. They can contain useful data for forensic investigations, and there are a couple of tools that can extract information from them.

Here you can see oledump analyzing an automatic Jump List file:

The stream DestList contains the Jump List data:

There are several sites on the Internet explaining the format of this data, like this one. I used this information to code a plugin for Jump List files:

The plugin takes an option (-f) to condense the information to filenames:

Please post a comment if you have another Jump List tool to share.
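The following added example (not Didier Stevens' plugin, and not code from this diary) parses the bytes of a DestList stream and, like the plugin's -f option, can condense the result to filenames. The field offsets are an assumption taken from public descriptions of the version 1 (Windows 7/8) layout, and the sample stream, host name and paths are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 32   # assumed layout: version, entry count, pinned count, counters
ENTRY_FIXED = 114  # assumed size of the fixed part of a version-1 entry

def filetime_to_dt(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_destlist(data):
    """Parse the bytes of a version-1 DestList stream into a list of dicts."""
    if len(data) < HEADER_SIZE:
        raise ValueError("stream is shorter than the DestList header")
    version, count, _pinned = struct.unpack_from("<III", data, 0)
    if version != 1:
        raise ValueError("unsupported DestList version %d" % version)
    entries, pos = [], HEADER_SIZE
    while len(entries) < count:
        if pos + ENTRY_FIXED > len(data):
            raise ValueError("entry %d is truncated" % len(entries))
        host = data[pos + 72:pos + 88].split(b"\x00")[0].decode("ascii", "replace")
        (entry_id,) = struct.unpack_from("<Q", data, pos + 88)
        ftime, pin, nchars = struct.unpack_from("<QiH", data, pos + 100)
        end = pos + ENTRY_FIXED + 2 * nchars  # path length is in UTF-16 code units
        if end > len(data):
            raise ValueError("path of entry %d runs past the stream" % len(entries))
        entries.append({"id": entry_id, "host": host, "pinned": pin != -1,
                        "modified": filetime_to_dt(ftime),
                        "path": data[pos + ENTRY_FIXED:end].decode("utf-16-le", "replace")})
        pos = end
    return entries

def filenames(data):
    """Condensed view: only the target paths, in stream order."""
    return [e["path"] for e in parse_destlist(data)]

def _entry(entry_id, host, ftime, pin, path):
    """Build one constructed entry (IDs zeroed) for the sample below."""
    fixed = bytes(72) + host.encode("ascii").ljust(16, b"\x00")
    fixed += struct.pack("<QfQiH", entry_id, 1.0, ftime, pin, len(path))
    return fixed + path.encode("utf-16-le")

# Constructed sample stream, not taken from a real Jump List file.
FT = 116444736000000000 + 1436659200 * 10**7  # 2015-07-12 00:00:00 UTC
SAMPLE = (struct.pack("<IIIfQQ", 1, 2, 1, 2.0, 2, 2)
          + _entry(2, "WORKSTATION1", FT, 0, r"C:\Users\alice\Documents\report.docx")
          + _entry(1, "WORKSTATION1", FT, -1, r"C:\Temp\notes.txt"))

if __name__ == "__main__":
    for e in parse_destlist(SAMPLE):
        print(e["modified"].isoformat(), e["host"], e["pinned"], e["path"])
```

To run it on a real file, read the DestList stream out of the OLE container first (for example with the olefile module's `openstream('DestList').read()`) and pass the bytes to `parse_destlist`.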

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Another Adobe Flash Zero Day http://www.kb.cert.org/vuls/id/338736

PHP 5.x Security Updates

Published: 2015-07-12
Last Updated: 2015-07-12 00:06:16 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

PHP 5.6.11, 5.5.27 and 5.4.43 were updated, fixing numerous bugs in the various components of PHP, including CVE-2015-3152. PHP recommends testing and upgrading to the current release. The binaries and packages are available here [2] and the release notes here [1].

[1] http://www.php.net/ChangeLog-5.php
[2] http://windows.php.net/download/

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: CVE20153152 PHP