Join #ESETResearch's Romain Dumont at BSides Calgary for "Reverse One Zero Day, Get One Free!" on May 2 at 8pm local time.
In his talk, Romain will explore how ESET found a zero-day vulnerability in WPS Office for Windows (CVE-2024-7262) exploited by APT-C-60 for espionage. This one-click remote code execution bug targets the software suite, popular in Asia with 500M users.
Our analysis revealed weaponized MHTML-formatted spreadsheets exploiting a path traversal bug caused by poor input sanitization. The exploit developers used their knowledge of WPS Office and Windows internals to bypass constraints.
Further analysis of the patch led us to discover a logic flaw that the patch itself introduced. We demonstrate how a single bit created an alternate path for arbitrary code execution (CVE-2024-7263).
📅 Save the date ➡️ hackertracker.app/event/?conf=BSIDESCALGARY2025&event=60453