Running CVE-2017-8759 exploit sample.
Switch branches/tags
Nothing to show
Clone or download
Latest commit 5738eb5 Sep 13, 2017
Failed to load latest commit information.
Doc1.doc added doc file with macro Sep 13, 2017
LICENSE Initial commit Sep 13, 2017 Update Sep 13, 2017
cmd.hta Add files via upload Sep 13, 2017
exploit.txt Add files via upload Sep 13, 2017


Running CVE-2017-8759 exploit sample.

Flow of the exploit:

Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WSDL parser log. Then the parsing log results in running mshta.exe which in turn runs a powershell commands that runs mspaint.exe

To test:

Run a webserver on port 8080, and put the files exploit.txt and cmd.hta on its root. For example python -m SimpleHTTPServer 8080

If all is good mspaint should run.

Mohammed Aldoub @Voulnet