Microsoft Excel – HFPicture Record Parsing Remote Code Execution

  • 作者: Abysssec
    日期: 2010-09-16
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15019/
  • '''
________ __ ____
 |\/|/ __ \ /\| || |_ \ 
 | \/ | || | /\ | || | |_) |
 | |\/| | || |/ /\ \| || |_ <(day 16 binary anlysis)
 | || | |__| / ____ \ |__| | |_) |
 |_||_|\____/_/\_\____/|____/ 

'''

Title :Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
Version :Excel 2002 SP3
Analysis:http://www.abysssec.com
Vendor:http://www.microsoft.com
Impact:High
Contact :shahin [at] abysssec.com , info[at] abysssec.com
Twitter :@abysssec
CVE :CVE-2010-1248

here is BA : http://www.exploit-db.com/maoub-16-microsoft-excel-hfpicture-record-parsing-remote-code-execution-vulnerability/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15019.rar (HFPicture_PoC.rar)