Video: Quick & Dirty Shellcode Analysis – CVE-2017-11882 (Sun, Feb 27th)

Xavier did a dynamic analysis of a malicious document with an equation editor exploit.

In this video, I perform a quick & dirty static analysis using oledump.py, xorsearch and scdbg.

If you are more interested in all the technical details of an equation editor exploit, take a look at the diary entry "Dissecting a CVE-2017-11882 Exploit".

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS.