Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtEduardo Braun Prado1337DAY-ID-23902
HistoryJul 21, 2015 - 12:00 a.m.

Microsoft Word Local Machine Zone Remote Code Execution Vulnerability

2015-07-2100:00:00
Eduardo Braun Prado
0day.today
37

0.677 Medium

EPSS

Percentile

97.6%

JSON

Microsoft Word, Excel, and Powerpoint 2007 contain a remote code execution vulnerability because it is possible to reference documents such as Works document (.wps) as HTML. It will process HTML and script code in the context of the local machine zone of Internet Explorer which leads to arbitrary code execution. By persuading users into opening eg. specially crafted .WPS, ".doc ", ".RTF " (with a space at the end) it is possible to trigger the vulnerability and run arbitrary code in the context of the logged on Windows user.

Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability
Date: July 15th, 2015
Exploit Author: Eduardo Braun Prado
Vendor Homepage : http://www.microsoft.com
Version: 2007
Tested on: Microsoft Windows  XP, 2003, Vista, 2008, 7, 8, 8.1
CVE:    CVE-2015-0097
 
Original Advisory: https://technet.microsoft.com/library/security/ms15-022
 
Microsoft Word, Excel and Powerpoint 2007 contains a remote code execution vulnerability because it is possible 
to reference documents such as Works document (.wps) as HTML. It will process HTML and script code in the context 
of the local machine zone of Internet Explorer which leads to arbitrary code execution. 
By persuading users into opening eg. specially crafted .WPS, ".doc ", ".RTF " (with a space at the end) 
it is possible to triggerthe vulnerability and run arbitrary code in the context of the logged on Windows user.
 
Exploit code here :
 
https://onedrive.live.com/embed?cid=412A36B6D0A9436A&resid=412A36B6D0A9436A%21156&authkey=AA_JVoZcoM5kvOc
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37657.zip

#  0day.today [2018-02-20]  #

Related

checkpoint_advisories 1
prion 1
exploitpack 1
cvelist 1
symantec 1
cve 1
exploitdb 1
openvas 6
mskb 1
nessus 1
kaspersky 1
securityvulns 1
myhack58 1
checkpoint_advisories
checkpoint_advisories
Microsoft Word Local Zone Remote Code Execution (MS15-022; CVE-2015-0097)
2015-03-10 00:00:00
prion
prion
Remote code execution
2015-03-11 10:59:00
exploitpack
exploitpack
Microsoft Word - Local Machine Zone Code Execution (MS15-022)
2015-07-20 00:00:00
cvelist
cvelist
CVE-2015-0097
2015-03-11 10:00:00
symantec
symantec
Microsoft Word CVE-2015-0097 Memory Corruption Vulnerability
2015-03-10 00:00:00
cve
cve
CVE-2015-0097
2015-03-11 10:59:00
exploitdb
exploitdb
Microsoft Word - Local Machine Zone Code Execution (MS15-022)
2015-07-20 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (3038999)
2015-03-11 00:00:00
Microsoft Office Excel Viewer Remote Code Execution Vulnerabilities (3038999)
2015-03-11 00:00:00
Microsoft Office Word Remote Code Execution Vulnerabilities (3038999)
2015-03-11 00:00:00
mskb
mskb
MS15-022: Vulnerabilities in Office could allow remote code execution: March 10, 2015
2015-03-10 00:00:00
nessus
nessus
MS15-022: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3038999)
2015-03-11 00:00:00
kaspersky
kaspersky
KLA10469 Multiple vulnerabilities in Microsoft products
2015-03-10 00:00:00
securityvulns
securityvulns
Microsoft Office and Sharepoint multiple security vulnerabilities
2015-04-16 00:00:00
myhack58
myhack58
The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net
2019-06-13 00:00:00

0.677 Medium

EPSS

Percentile

97.6%

JSON
Related for 1337DAY-ID-23902
checkpoint_advisories1prion1exploitpack1cvelist1symantec1cve1exploitdb1openvas6mskb1nessus1kaspersky1securityvulns1myhack581