Jump to content

MB Anti-Exploit detects Kutools as an exploit + kills Excel

Recommended Posts

MB Anti-Exploit detects Kutools as an "ROP attack" exploit.   The log does not show a filename ("n/a"), so I can't create an exception for it or whatever.

Kutools is a popular Excel addin, so it's totes legit.  This behavior occurs both on Windows 7 + Office 2010 as well as Windows 10 + Office 2016.

To reproduce:

1. Download and install https://www.extendoffice.com/downloads/KutoolsforExcelSetup.exe
2. Open an Excel sheet, type something into a cell, and click the Kutools tab at the top
3.  In the ribbon, click "Text" and then "Remove Characters"
4.  Excel quits unexpectedly, and Malwarebytes pops up a message, including: "Exploit ROP gadget attack blocked"

Here's the contents of the MBAE alert log when this occurs:

"2016-10-07T11:11:07.799-05:00";"bear";"3708";"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE";"5068";"explorer.exe";"1";"508";"452";"0x20816182";"";"";"0x00DF0000";"0x00DCF000";"";"";"";"";"";""

Share this post

Link to post
Share on other sites


I spent the last month going back and forth with support, installing debug versions and generating countless logs.   As a result, 

A fix for this is included in v1.9.2.1261, now available.

Edited by AdvancedSetup
corrected font issue

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.