.NET v4 #4
Comments
|
Hi there Yeah it appears to be a limitation in DotNetToJScript. I can make it compile with auto flag but then I THINK it will only run on v4. |
|
May consider it later. I read it again and it says it has a dependency on wscript if I compile for v4. |
|
Thanks Vincent. Actually I think the issue is more in the way Office/Excel is not able to use the .NET v4 library. My test case is Fully Patched Windows 10 machine without .NET v2/3.5 with Office 2013 and have also tested with Office 2016. So, I have a COM scriptlet based on CactusTorch with the setversion() function and it works perfectly when I call regsvr32 and do the unregister trick: |
|
Perhaps, but it's worked for all of the testers. |
|
@craigsmooth did you find a solution to this issue? I too am having the exact same issue, with the execution halting during the call to CreateObject("System.IO.MemoryStream") |
Has this method been successful where only a .NET v4 runtime is present? For example from a default Windows 10 install with Excel 2013, the macro fails on:
Set stm = CreateObject("System.IO.MemoryStream")
The minute I add .NET v2, EXCEL calls the version 2 assembly just fine and runs my payload. Does Excel have known issues with calling the newest .NET v4 assembly? I notice the same behavior if I try to use a scriptlet and call:
Declare Function DllInstall Lib "scrobj.dll" (ByVal bInstall As Boolean, ByRef pszCmdLine As Any) As Long
I get an error on:
var enc = new ActiveXObject("System.Text.ASCIIEncoding");
If I call the same scriptlet with regsvr32 on Win10 (with only .NET v4) it runs just fine and my shellcode runs. I even see the .net 4 assembly loaded into regsvr32.exe. If I run the javascript standalone through the windows script host, it works fine. Only problem appears to be with Microsoft Office and the way it doesn't seem to be using the .NET v4 library. Thanks!
The text was updated successfully, but these errors were encountered: