chvancooten / follina.py

POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes

Custom RTF Generation #24

Closed DanusMinimus closed 2 years ago

DanusMinimus commented 2 years ago

This fix should solve the problems mentioned in https://github.com/chvancooten/follina.py/issues/21. The new solution embeds an OLE2Link object within the RTF, which is the correct and valid way to execute the exploit. I did this using the following repo: https://github.com/bhdresh/CVE-2017-0199

A new problem which arose and I am unable to solve (at the moment) is that the RTF requests to update the links embedded within the OLE object; clicking 'Yes' launches the exploit. While the \objupdate modifier in the RTF file should fix this issue, it does not. I am currently attempting to understand why.

chvancooten commented 2 years ago

Merged, sorry for the delay and thanks again!