一、 漏洞 CVE-2017-0199 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 允许远程攻击者通过编写的文件执行任意代码,也被称为 "Microsoft Office/WordPad 使用 Windows API 的远程代码执行漏洞"。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Microsoft Office 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft Office是美国微软(Microsoft)公司开发的一款办公软件套件产品。常用组件有Word、Excel、Access、Powerpoint、FrontPage等。 多款Microsoft产品中存在远程代码执行漏洞。远程攻击者可借助特制的文本文件利用该漏洞执行任意代码。以下产品和版本受到影响:Microsoft Office 2007 SP3;Microsoft Office 2010 SP2;Microsoft Office 2013 SP1;Microsoft Office 20
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
授权问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2017-0199 的公开POC
# POC 描述 源链接 神龙链接
1 None https://github.com/ryhanson/CVE-2017-0199 POC详情
2 None https://github.com/SyFi/cve-2017-0199 POC详情
3 Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration. https://github.com/bhdresh/CVE-2017-0199 POC详情
4 Quick and dirty fix to OLE2 executing code via .hta https://github.com/NotAwful/CVE-2017-0199-Fix POC详情
5 CVE-2017-0199 https://github.com/haibara3839/CVE-2017-0199-master POC详情
6 Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / any other payload to victim without any complex configuration. https://github.com/Exploit-install/CVE-2017-0199 POC详情
7 Exploit toolkit for vulnerability RCE Microsoft RTF https://github.com/mzakyz666/PoC-CVE-2017-0199 POC详情
8 Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration. https://github.com/n1shant-sinha/CVE-2017-0199 POC详情
9 An exploit implementation for RCE in RTF & DOCs (CVE-2017-0199) https://github.com/kn0wm4d/htattack POC详情
10 None https://github.com/joke998/Cve-2017-0199 POC详情
11 Cve-2017-0199 https://github.com/joke998/Cve-2017-0199- POC详情
12 None https://github.com/sUbc0ol/Microsoft-Word-CVE-2017-0199- POC详情
13 None https://github.com/viethdgit/CVE-2017-0199 POC详情
14 None https://github.com/herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199 POC详情
15 RTF Cleaner, tries to extract URL from malicious RTF samples using CVE-2017-0199 & CVE-2017-8759 https://github.com/jacobsoo/RTF-Cleaner POC详情
16 None https://github.com/likescam/CVE-2017-0199 POC详情
17 None https://github.com/stealth-ronin/CVE-2017-0199-PY-KIT POC详情
18 None https://github.com/Phantomlancer123/CVE-2017-0199 POC详情
19 A python script/generator, for generating and exploiting Microsoft vulnerability https://github.com/BRAINIAC22/CVE-2017-0199 POC详情
20 CVE-2017-0199复现 https://github.com/Sunqiz/CVE-2017-0199-reprofuction POC详情
21 None https://github.com/TheCyberWatchers/CVE-2017-0199-v5.0 POC详情
22 RTF de-obfuscator for CVE-2017-0199 documents to find URLs statically. https://github.com/nicpenning/RTF-Cleaner POC详情
23 Python3 toolkit update https://github.com/kash-123/CVE-2017-0199 POC详情
24 None https://github.com/likekabin/CVE-2017-0199 POC详情
三、漏洞 CVE-2017-0199 的情报信息