Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

Sea Lotus APT groups use CVE-2017-8570 vulnerability of the new sample and Association analysis-vulnerability warning-the black bar safety net

Sea Lotus（OceanLotus）APT gang is a highly organized, professional foreign national hacker group, the oldest by 360 days eye Labs discovered and disclosed. The organization since at least 2012 and 4 January will be for the Chinese government, research institutes, Maritime institutions, Maritime...

Microsoft Office - Composite Moniker Remote Code Execution Exploit

Exploit for windows platform in category local exploits What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the...

Microsoft Office - Composite Moniker Remote Code Execution

Microsoft Office - Composite Moniker Remote Code Execution What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using th...

Microsoft Office - 'Composite Moniker Remote Code Execution

What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides. Download:...

Immunity Canvas: OFFICE_WSDL

Name| officewsdl ---|--- CVE| CVE-2017-8759, CVE-2017-8570 Exploit Pack| CANVAS Description| Microsoft Office Moniker/WSDL C Injection Notes| CVE Name: CVE-2017-8759, CVE-2017-8570 VENDOR: https://office.com Notes: Send the resulting document to someone and have them open it. If the target is...

Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net

The so-called CVE-2017-8570 sample Last week, 360 days eye lab found foreign hackers on Github released a CVE-2017-8570 exploits code, but then deleted, in order to find quite a few labeled as CVE-2017-8570 Office malware samples, such as the following VirusTotal is marked as CVE-2017-8570 sample...

Microsoft Office 2013 Service Pack 1 Remote Code Execution Vulnerability (KB3213555)

This host is missing an important security update according to Microsoft KB3213555 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft Office 2016 Remote Code Execution Vulnerability (KB3213545)

This host is missing an important security update according to Microsoft KB3213545 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Microsoft Office 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213640)

This host is missing an important security update according to Microsoft KB3213640 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Remote code execution

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570...

CVE-2017-8570

CVE-2017-8570 concerns Microsoft Office and is described as a remote code execution vulnerability caused by how Office handles objects in memory (notably monikers/embedded objects in documents). Multiple connected sources corroborate the vulnerability class as an Office memory object handling iss...

CVE-2017-8570

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243...

CVE-2017-8570

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0243. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

KLA11069 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to improper handling of...