office 2010 test is failed

[loveshell]

Hi unamer Thank you for seeing this issue。

test env：

OS: Windows2008 R2
Office：Microsoft Office Professional Plus 2010

generate vuln.rtf

python CVE-2017-11882.py -c "cmd.exe /c ipconfig >c:\windows\temp\1.txt" -o vuln.rtf

test is failed after open vuln.rtf ，no c:\windows\temp\1.txt

but i test https://github.com/Ridter/CVE-2017-11882/blob/master/Command43b_CVE-2017-11882.py is ok。

expecting your reply!

Thanks regards

[rip1s]

Are you confirm that you cloned the newest update?

I fix a bug in command execution in last commit.

Now your command works in my meachine

[loveshell]

yeah, i used newest update failed。 your test env is same？

[rip1s]

No. I'm using Office Pro plus 2013 in Win10.

Can you provide your exploit that fails?

[loveshell]

python CVE-2017-11882.py -c "cmd.exe /c ipconfig >c:\windows\temp\1.txt" -o vuln.rtf

my exploit url： https://mega.nz/#!trxWWLjA!OtZHHN-X9UjfZr0-pH0eF_KvU3ni7-rtE0Li8afvhHM

[rip1s]

Well. That exploit you uploaded actually works on my machine.

Maybe I will test Office 2010 later.

[rip1s]

I have tested Office 2010 Pro Plus in Win7 and my exploit works well.

I pop a calc.exe by rtf created by python CVE-2017-11882.py -c calc.exe -o test.rtf

[loveshell]

thx for your reply,unamer same commands generate calc poc url: https://mega.nz/#!4rpgmJyQ!LPkCqJ2aEsXzDCNwL1J1rXnHvKfmxp0PShTe088EeSI

test is failed ,if file is ok,maybe i have other problems. No matter what，i'm very thx for your help。😄

[rip1s]

Well. Can you debug the shellcode?

[roy-lion]

I test the same, no one can use.

[roy-lion]

Only 43 bytes can be used.

[rip1s]

@roy-lion What's your environment?

[roy-lion]

Office Pro 2007 in Win10.

The test is unsuccessful.

[rip1s]

Sorry for lately reply, but in my virtual machine(win7x64 Office 2007) , my exploit works fine.

Could u pls send your EQNEDT32.EXE to me?

Thanks