Last Updated: 2019-04-27 10:02:31 UTC
by Didier Stevens (Version: 1)
In diary entry "Dissecting a CVE-2017-11882 Exploit" I analyze an equation editor exploit. These kind of exploits have become prevalent, I often see malware exploiting this vulnerability.
In my diary entry, I use my tool format-bytes.py to dissect the exploit using a long string of format specifiers. This is not practical if you have to do this often:
That's why I have now added a library of format strings to my tool format-bytes.py, eqn1 is the format string to use for this exploit:
So in stead of typing "-f "<HIHIIIIIBBBBBBBBBB40s..." ", you can now just type: "-f name=eqn1".