Skip to content
CVE-2018-8174 - VBScript memory corruption exploit.
Branch: master
Clone or download
Latest commit d6636e4 May 23, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2018-8174.rb Update CVE-2018-8174.rb May 22, 2018
CVE-2018-8174.rtf Create CVE-2018-8174.rtf May 22, 2018
README.md

README.md

CVE-2018-8174-msf

This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability.

This module is a very quick port and uses the exploit sample that was found in the wild. The exploit works only for Microsoft Office 32-bit.

There are a lot of things that need to get better at this module but I will update it in the future if I find some time.

Installation

  1. Copy the CVE-2018-8174.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat/
  2. Copy the CVE-2018-8174.rtf to /usr/share/metasploit-framework/data/exploits/

The exploit doesn't work very well with meterpreter shellcode so it's better to use non-staged reverse shell.

Disclaimer

DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.

THE AUTHOR DOES NOT KEEP ANY RESPONSIBILITY FOR ANY MISUSE OF THE CODE PROVIDED HERE.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.