OLE2 Fragmentation Befuddles Most AV Vendors
BreakingPoint Labs has discovered that heavily fragmenting Office documents causes AV and IDS products to miss exploits embedded in them the majority of the time. Writeup by H.D. here.
It's important to note that Sourcefire's Office Cat tool uses the OLE API to parse the stream and find the exploit regardless of how fragmented it is.
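Why parsing the container defeats fragmentation while a flat byte scan does not, as an added example (not Office Cat's code and not taken from the writeup): a small hand-rolled OLE2 reader stands in for the OLE API, follows the FAT chain to rebuild each stream in logical order, and only then looks for a signature. The sample file, the stream name `Stream1` and `MARKER` are constructed for illustration; the reader assumes the FAT fits in the header DIFAT and skips mini-stream (under 4096-byte) streams.

```python
import struct

END = 0xFFFFFFFE                      # ENDOFCHAIN value in the FAT
MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
MARKER = b"CONSTRUCTED-TEST-MARKER"   # harmless stand-in for a detection signature

def sector(data, n, ss):
    return data[(n + 1) * ss:(n + 2) * ss]      # sector 0 starts after the header

def chain(data, fat, start, ss):
    """Concatenate sectors in FAT-chain order; stop on loops or bad indexes."""
    out, seen = b"", set()
    while start < len(fat) and start not in seen:
        seen.add(start)
        out += sector(data, start, ss)
        start = fat[start]
    return out

def streams(data):
    """Yield (name, bytes) for each FAT-backed stream, reassembled logically."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    ss = 1 << struct.unpack_from("<H", data, 30)[0]
    nfat, dir_start = struct.unpack_from("<II", data, 44)
    difat = struct.unpack_from("<%dI" % min(nfat, 109), data, 76)  # header DIFAT only
    fat = [e for s in difat for e in struct.unpack("<%dI" % (ss // 4), sector(data, s, ss))]
    d = chain(data, fat, dir_start, ss)
    for off in range(0, len(d), 128):            # 128-byte directory entries
        nlen, typ = struct.unpack_from("<HB", d, off + 64)
        start, size = struct.unpack_from("<IQ", d, off + 116)
        if typ == 2 and size >= 4096:            # smaller streams use the mini stream
            yield d[off:off + nlen - 2].decode("utf-16-le"), chain(data, fat, start, ss)[:size]

def build_sample():
    """Constructed file: one 4096-byte stream stored in reverse sector order."""
    body = (b"A" * 500 + MARKER).ljust(4096, b"B")   # marker straddles sectors 0/1
    parts = [body[i:i + 512] for i in range(0, 4096, 512)]
    fat = [0xFFFFFFFD, END, END] + list(range(2, 9)) + [0xFFFFFFFF] * 118
    def entry(name, typ, start, size):
        n = (name + "\0").encode("utf-16-le")
        return struct.pack("<64sHB49xIQ", n, len(n), typ, start, size)
    hdr = bytearray(MAGIC.ljust(512, b"\0"))
    struct.pack_into("<H", hdr, 30, 9)               # sector shift: 512-byte sectors
    struct.pack_into("<II", hdr, 44, 1, 1)           # one FAT sector; directory in sector 1
    directory = (entry("Root Entry", 5, END, 0) + entry("Stream1", 2, 9, 4096)).ljust(512, b"\0")
    return bytes(hdr) + struct.pack("<128I", *fat) + directory + b"".join(parts[::-1])

def scan(data):
    """Return (raw byte-scan hit, names of reassembled streams containing MARKER)."""
    return MARKER in data, [n for n, s in streams(data) if MARKER in s]
```

`scan(build_sample())` reports no hit for the flat scan and a hit in `Stream1` after reassembly, because the marker's two halves sit in non-adjacent physical sectors.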