Articles tagged office

2017-11-24 11:09:19
A simple PoC for CVE-2017-11882. This exploit triggers WebClient service to start and execute remote file from attacker-controlled WebDav server. The reason why this approach might be handy is a limitation of executed command length. However with help of WebDav it is possible to launch arbitrary attacker-controlled executable on vulnerable machine. This script creates simple document with several OLE objects. These objects exploits CVE-2017-11882, which results in sequential command execution.
2008-08-14 07:25:13
Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.