Jump to content

MB Anti-Exploit detects Kutools as an exploit + kills Excel


wrapsbear

Recommended Posts

MB Anti-Exploit detects Kutools as an "ROP attack" exploit.   The log does not show a filename ("n/a"), so I can't create an exception for it or whatever.

Kutools is a popular Excel addin, so it's totes legit.  This behavior occurs both on Windows 7 + Office 2010 as well as Windows 10 + Office 2016.

To reproduce:

1. Download and install https://www.extendoffice.com/downloads/KutoolsforExcelSetup.exe
2. Open an Excel sheet, type something into a cell, and click the Kutools tab at the top
3.  In the ribbon, click "Text" and then "Remove Characters"
4.  Excel quits unexpectedly, and Malwarebytes pops up a message, including: "Exploit ROP gadget attack blocked"

Here's the contents of the MBAE alert log when this occurs:

"2016-10-07T11:11:07.799-05:00";"bear";"3708";"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE";"5068";"explorer.exe";"1";"508";"452";"0x20816182";"";"";"0x00DF0000";"0x00DCF000";"";"";"";"";"";""
 

Link to post
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.