This page is a repository of real-world attacks (i.e. exploit kits, malvertising, spam) stopped by Malwarebytes Anti-Exploit. It is a work in progress, with newer (or older) CVEs added as they are found exploited in the wild.
Traffic captures and samples are provided – when available – for offline replay as well. All malware captures/samples are password protected with the usual password. Please note you are using this resource at your own risk.
Exploits sorted by software/CVE:
- Internet Explorer
  - CVE-2016-0189
  - CVE-2015-2419
  - CVE-2013-7331 (fingerprinting)
- Flash Player
- Silverlight
- Office documents
Internet Explorer
CVE-2016-0189
- Tested on IE11
- Tested against Sundown EK
- Download traffic capture (SAZ)
- Note for replay: turn off ‘Disable Internet Explorer VB Scripting’
CVE-2015-2419
- IE10 and IE11 (JScript9 engine)
- Tested against Angler EK
- Download traffic capture (SAZ)
- Note for replay: install MBAE in a random directory and disable anti-fingerprinting
Fingerprinting
CVE-2013-7331
- Information disclosure bug that allows checking for file/folder names on the local disk
- Tested against Angler EK
- Download traffic capture (SAZ)
Flash Player
CVE-2016-4117
- Flash Player 21.0.0.213
- Tested against Neutrino EK
- Download traffic capture (SAZ)
CVE-2015-5122
- Flash Player 18.0.0.203
- Tested against Nuclear Pack
- Download traffic capture (SAZ)
CVE-2015-5119
- Flash Player 18.0.0.194
- Tested against RIG EK
- Download traffic capture (SAZ)
CVE-2015-3113
- Flash Player 18.0.0.160
- Tested against RIG EK
- Download traffic capture (SAZ)
Silverlight
CVE-2016-0034
- Silverlight 5.1.41105.0
- Tested against RIG EK
- Download traffic capture (SAZ)
Office documents
CVE-2015-1641
- Tested with Microsoft Word 2010
- Download sample