关联漏洞
标题:
Microsoft Office 安全漏洞
(CVE-2017-11882)
描述:Microsoft Office 2007 SP3等都是美国微软(Microsoft)公司开发的办公软件套件产品。 Microsoft Office中存在远程代码执行漏洞,该漏洞源于程序没有正确的处理内存中的对象。远程攻击者可借助特制的文件利用该漏洞在当前用户的上下文中执行任意代码。以下版本受到影响:Microsoft Office 2007 SP3,Microsoft Office 2010 SP2,Microsoft Office 2013 SP1,Microsoft Office 2016。
描述
CVE-2017-11882 File Generator PoC
介绍
# CVE-2017-11882
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
# 2017-11882_Generator
This is a PoC re-edited, from the original one made by Embedi, to generate single file .rtf with a remote command execution embedded.
## Usage
python 2017-11882_Generator.py -x command_to_execute -o output_file_name
Example:
python 2017-11882_Generator.py -x "cmd /c calc" -o test.rtf
## Mitigation
For 32-bit Microsoft Office package in x86 OS:
reg add "HKLM\SOFTWARE\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400
For 32-bit Microsoft Office package in x64 OS:
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\{0002CE02-0000-0000-C000-000000000046}" /v "Compatibility Flags" /t REG_DWORD /d 0x400
## Patch
Microsoft released a Patch
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
WE ARE NOT RESPONSIBLE OF ANY DAMAGES CAUSED BY THE USE OF THIS SOFTWARE. IT WAS MADE FOR EDUCATIONAL PURPOSE AND TESTING ONLY!!!
---------------------
www.blackmath.it | info@blackmath.it
文件快照
[4.0K] /data/pocs/d26572b5bdee935f0495370d4620beab6e6c004b
├── [9.2K] 2017-11882_Generator.py
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。