157 matches found
Microsoft Office - Composite Moniker Remote Code Execution Exploit
Exploit for windows platform in category local exploits What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the...
Word-based Malware Attack Doesn’t Use Macros
Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not...
CVE-2018-6390
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an copy call, which allows remote attackers to cause a denial of service access violation and application crash via a crafted a web page, b office...
Code injection
The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 does not validate the size of the source memory block before an copy call, which allows remote attackers to cause a denial of service access violation and application crash via a crafted a web page, b office...
CVE-2018-6390
The vulnerability CVE-2018-6390 affects Kingsoft WPS Office, specifically the WStr::assign function in kso.dll used by WPS Office versions 10.1.0.7106 and 10.2.0.5978. The issue arises because the source memory block size is not validated before a _copy call, allowing remote attackers to trigger ...
CVE-2018-6217
The WStr::allociostrdata function in kso.dll in Kingsoft WPS Office 10.1.0.7106 and 10.2.0.5978 allows remote attackers to cause a denial of service application crash via a crafted a web page, b office document, or c .rtf file...
Microsoft Office - Composite Moniker Remote Code Execution
Microsoft Office - Composite Moniker Remote Code Execution What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using th...
Microsoft Office - 'Composite Moniker Remote Code Execution
What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides. Download:...
A simple example of a complex cyberattack
We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...
Microsoft Office Word Malicious Hta Execution Exploit
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...
Microsoft Office Word - '.RTF' Malicious HTA Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Microsoft Office Word Malicious Hta Execution", 'Description' = %q This module creates a malicious RTF file that when opened in...
Microsoft Office Word Malicious Hta Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Microsoft Office Word Malicious Hta Execution", 'Description' = %q This module creates a malicious RTF file that when opened in...
Exploit for CVE-2017-0199
Exploit toolkit CVE-2017-0199 - v2.0 Exploit toolkit CVE-201...
Oracle Linux 7 : libreoffice (ELSA-2017-0914)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-0914 advisory. - Resolves: rhbz1435534 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer - Resolves: rhbz1353839 CVE-2016-4324 dereference of invalid STL iterator on...
Hand to hand teach you how to construct the office exploits EXP(third period)-bug warning-the black bar safety net
In the previous term of office vulnerability to share, describes the legendary exploits of cve-2 0 1 3-3 9 0 6 a technical framework, which covers a lot of the overflow class of vulnerability classic. This period give everybody to bring the share is CVE-2 0 1 4-1 7 6 1, this vulnerability is stri...
CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...
Design/Logic Flaw
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...
DEBIAN-CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...
CVE-2016-4324
CVE-2016-4324 : A use-after-free vulnerability exists in the LibreOffice RTF parser, triggered by parsing crafted RTF files containing a specific combination of stylesheet and superscript tokens. Exploitation could allow arbitrary code execution. Public technical details in connected documents co...
CVE-2016-4324
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...