Open h34dw1nd opened 5 years ago
Well, I haven't tested Office 2016 yet, but does this bug exist in Office 2016? Can you exploit this bug with other exploits?
From the official Microsoft announcement, this bug seems to exist in Office 2016: https://support.microsoft.com/en-us/help/4011262/descriptionofthesecurityupdateforoffice2016november14-2017. I exploited this bug with the 43b exp, 109b exp and 17k exp; they can all pop up calc.exe, but can't pop up cmd.exe. Maybe on Office 2016 the exp needs to be reconstructed? Just a guess. Thx.
Theoretically it should work as well... Maybe you can debug and inspect the Office process. I might not have time to do this recently lol. Maybe someday after this month...
Hi unamer, thanks for reading this issue. Test environment:
When I use the command
python CVE-2017-11882.py -c calc.exe -o test_calc.rtf
to generate the rtf and test the vul, it does work. However, when I use
python CVE-2017-11882.py -c calc.exe -o test_cmd.rtf
to test, cmd.exe doesn't open.
test_calc.rtf: https://mega.nz/#!xIcSyIIQ!fqBJJe6f-ts9RN9QE2TM3ATYhKk_qz1ofnIoFl8NGxk
test_cmd.rtf: https://mega.nz/#!xNVU3aSI!gBpiI-kXRmyGwk9ulyPn1NnbugiYP03zH3uJYpWXC3E
eqnedt32.exe: https://mega.nz/#!xNVU3aSI!gBpiI-kXRmyGwk9ulyPn1NnbugiYP03zH3uJYpWXC3E
Expect your reply! Thx!