Showing 1 - 25 of 56

Files

Microsoft Word Record Parsing Buffer Overflow
Posted Aug 21, 2010
Authored by Abhishek Sahni

Microsoft Word record parsing buffer overflow exploit. This takes advantage of the vulnerability discussed in MS-09-027 and spawns calc.exe.

tags | exploit, overflow
SHA-256 | 5ce0494b7edf372d7ed3fb35b198550514a5f69d6d09412735f4c2291c63088d

Related Files

Microsoft Word Remote Code Execution
Posted Apr 14, 2023
Authored by nu11secur1ty

Microsoft Word appears to suffer from a remote code execution vulnerability when a user loads a malicious file that reaches out to an attacker-controlled server to get a hostile payload.

tags | exploit, remote, code execution
advisories | CVE-2023-28311
SHA-256 | 8ab600383b2980700b22b249418126bff6776fde4672ab8d2e1bbd8b3c50a7f2
Microsoft Office Word MSDTJS Code Execution
Posted Jun 7, 2022
Authored by Ramella Sebastien, nao sec | Site metasploit.com

This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code.

tags | exploit, remote
advisories | CVE-2022-30190
SHA-256 | dfd70a501deb66860bda3d2c8fb70eb21aec791b445093014e637e57d9f6c39c
Microsoft Word (2016) Deceptive File Reference
Posted Jun 17, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

When a Microsoft Word ".docx" file contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension, but will present to the end user an extension-less file in its security warning dialog box without showing the extension type. This happens if another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is suppressed, the file seems harmless and can be masked to appear as just a folder, etc. This can potentially trick a user into running unexpected code, but will only work when you have an additional file of the same name with NO extension on it.

tags | exploit
SHA-256 | 18d464c17f780a09e712727343af4ef6b58086ae39ba369df2476dd841db2172
Microsoft Office Word Malicious Hta Execution
Posted Apr 24, 2017
Authored by Haifei Li, Didier Stevens, sinn3r, Nixawk, ryHanson, vysec, wdormann | Site metasploit.com

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make an HTTP(S) request and execute HTA code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This Metasploit module was created by reversing a public malware sample.

tags | exploit, web, code execution
advisories | CVE-2017-0199
SHA-256 | 7e6b9ea3c2f7098466493a6d04a3625fe49a4a591628f01dcefb67c6615f8b03
Microsoft Word RTF Remote Code Execution
Posted Apr 17, 2017
Authored by Bhadresh Patel

Microsoft Word RTF remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2017-0199
SHA-256 | e3af621ee635b743874aebf34413bfde2f9b300518dd7ab7af4dfce56b891d5c
Windows / Mac Microsoft Word Denial Of Service
Posted Jun 9, 2016
Authored by halsten

Microsoft Word denial of service proof of concept. Let Word recover it, it's essential, and then you can trigger the bug afterwards in 3 ways - Save, Close/Save, change format.

tags | exploit, denial of service, proof of concept
systems | linux
SHA-256 | 1028cf2faffc6436fe6d108cb2c194b3facceb9adbea7d1303ede10dd174a785
MS14-017 Microsoft Word RTF Object Confusion
Posted Apr 9, 2014
Authored by Haifei Li, Spencer McIntyre | Site metasploit.com

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This Metasploit module was created by reversing a public malware sample.

tags | exploit, code execution
advisories | CVE-2014-1761
SHA-256 | dc312c58b345cdc30586c860d412b91fcac1d29d8b039194c3e389f62ccf5683
Debian Security Advisory 2315-1
Posted Oct 5, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2315-1 - Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office.

tags | advisory, vulnerability
systems | linux, redhat, debian
advisories | CVE-2011-2713
SHA-256 | 7e12e472d04dd6a6d14e0ca41b6ada38d2f210a8a678b5e04950aec0a8c3778f
Apple Security Advisory 2011-07-20-2
Posted Jul 25, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-07-20-2 - An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | apple
advisories | CVE-2010-3785, CVE-2010-3786, CVE-2011-1417
SHA-256 | a73deccbc64afb80a87bd72b01aefd8124e910e61fa03497792581196667db65
Oracle I-Recruitment Cross Site Scripting
Posted Jul 16, 2011
Authored by Aditya K Sood

A persistent cross site scripting vulnerability exists in the Oracle I-Recruitment portal. The account information page allows the user to upload a resume as a Microsoft Word document. An attacker can construct a malicious MSWord file to conduct the attack by setting a cross site scripting payload in hyperlinks in order to bypass conversion filters. Versions 11.5.10.2, 12.0.6, and 12.1.3 are affected.

tags | advisory, xss
advisories | CVE-2010-2404
SHA-256 | 89565c921950ce4770fa5b14b519ba8f3361837b5def92e74ce9f346295f4bde
Microsoft Word RTF pFragments Stack Buffer Overflow
Posted Dec 29, 2010
Authored by wushi, jduck | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office prior to the release of the MS10-087 bulletin are vulnerable. This Metasploit module does not attempt to exploit the vulnerability via Microsoft Outlook. The Microsoft Word RTF parser was only used by default in versions of Microsoft Word itself prior to Office 2007. With the release of Office 2007, Microsoft began using the Word RTF parser, by default, to handle rich-text messages within Outlook as well. It was possible to configure Outlook 2003 and earlier to use the Microsoft Word engine too, but it was not a default setting.

tags | exploit, overflow
advisories | CVE-2010-3333, OSVDB-69085
SHA-256 | c781a6b1c954888d98e9d2d99bf09fd7064aa318d76af4eac5e983b427860a6b
ACROS Security Problem Report 2010-11-10.2
Posted Nov 11, 2010
Authored by ACROS Security, Simon Raner | Site acrossecurity.com

ACROS Security Problem Report #2010-11-10-02 - A binary planting vulnerability in Microsoft Word 2010 for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2010-3337
SHA-256 | 39cad8e7dbdb46dd9950300db060a957a65f86625e02967c627e6fd585188855
iDEFENSE Security Advisory 2010-11-09.1
Posted Nov 10, 2010
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 11.09.10 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of a specific control word in an RTF document. Under certain circumstances, Word will copy its property strings into a stack buffer without checking the length, which causes a stack buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-3333
SHA-256 | d4d9f9e20e9077a6175a55782b57058b141ca5e690b63999ac4ac7d7e985c23a
Secunia Security Advisory 41789
Posted Oct 12, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Word 2003 and Word Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | c28e8c0310fa0330c4ddd57b13a7d9b22130fb2492905389b2707c1fd0473d51
Secunia Security Advisory 41785
Posted Oct 12, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Word 2002, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 88f526982ec98be7a4a7c89b0959986ee08053410110747dd63c8e4aab04f92f
Microsoft Office Word HTML Linked Objects Memory Corruption
Posted Aug 13, 2010
Authored by Rodrigo Rubira Branco

There exists a vulnerability within the way Microsoft Word handles HTML linked objects, which leads to attacker-controlled memory write and code execution.

tags | advisory, code execution
advisories | CVE-2010-1903
SHA-256 | 388ef977d6d340327415d1bce4d0dccc5e9342fd13c3dfe272913b9f9aa483a9
iDEFENSE Security Advisory 2010-08-10.1
Posted Aug 12, 2010
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 08.10.10 - Remote exploitation of a heap buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of some drawing object control words in an RTF document. Under certain circumstances, Word will copy a property value into a heap buffer without checking the length, which causes a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-056.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-1902
SHA-256 | 25855763a2da9fa2593ee54ea20cb23b8412b955183bf26b2866e5577463f29d
iDEFENSE Security Advisory 2009-11-10.1
Posted Nov 17, 2009
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 11.10.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the targeted user. This vulnerability occurs when Word parses the File Information Block (FIB) structure inside a Word document. When a malformed FIB structure is processed, a stack buffer overflow will occur which can lead to an exploitable condition. iDefense has confirmed that fully patched Microsoft Word 2003 SP3, Microsoft Word XP SP3, and Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2007 SP1 is not affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-3135
SHA-256 | fb02e8e8e484eae0536df20cc974d2730b906f2d936448bc99c5357711be4695
Zero Day Initiative Advisory 09-035
Posted Jun 10, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2009-0563
SHA-256 | 656b5c10b9f3f9f74e89cfce5b555fe8009029a331a8d20be798c15ce3a2a1fb
iDEFENSE Security Advisory 2009-04-14.1
Posted Apr 15, 2009
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.14.09 - Exploitation of a stack corruption vulnerability in Microsoft Corp.'s Word 2000 WordPerfect 6.x Converter could allow an attacker to execute code in the context of the current user. Microsoft Word is able to open documents created in other applications by transparently applying a filter module which converts them to a format Word can use. The WordPerfect 6.x converter from Office 2000 fails to perform sufficient sanity checking on input files. A maliciously constructed WordPerfect document can cause potentially exploitable stack corruption. iDefense Labs have confirmed that the WordPerfect 6.x converter (WPFT632.CNV, with file version 1998.1.27.0) in Microsoft Word 2000 Service Pack 3 is vulnerable. However, the version of this converter installed with Word 2003 is not affected by this vulnerability.

tags | advisory
advisories | CVE-2009-0088
SHA-256 | d7e06c594ee675783098ca1a2f12b2ee798b05b631ffdf21d98e79bb64fc7399
Core Security Technologies Advisory 2008.0228
Posted Dec 10, 2008
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-0228
SHA-256 | 6f84551f3249c3aa35a7feb4f055de3b8c4220bfed506d6013db37f88a75caec
Zero Day Initiative Advisory 08-086
Posted Dec 9, 2008
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 08-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. Exploitation requires that the attacker coerce the target into opening a malicious .DOC file. The specific flaw exists when processing a malformed table property within a Microsoft Word document. User-supplied data is copied into a stack-based buffer using a size that is calculated from the contents of the property. Exploitation can result in arbitrary code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2008-4837
SHA-256 | f9764e5f351f435e4a8b86a0afa405425f780aa19ce2223fce8c81e0df4b132b
msword-xss.txt
Posted May 20, 2008
Authored by Juan Pablo Lopez Yacubian

Microsoft Word versions 2003 and 2007 are susceptible to crash and cross site scripting vulnerabilities via malicious javascript execution.

tags | exploit, javascript, vulnerability, xss
SHA-256 | 9450a478f4400a7b5a60736110807c1fa7a8a05c22051c2435fab168d53fed6e
iDEFENSE Security Advisory 2008-05-13.1
Posted May 13, 2008
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged-in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed that fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, and Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2008-1434
SHA-256 | 28de6edcab5bca871b515513d06ce332b7e6948f6328c74f3c8fa3cc3e056b41
mswordfori-vulns.txt
Posted Feb 14, 2008
Authored by Ruben Santamarta | Site reversemode.com

Microsoft Word 2003 is prone to a memory corruption vulnerability while parsing a specially crafted Word file. The vulnerability is caused by calculation errors while parsing certain fields within the barely documented File Information Block (FIB). Fortinet Endpoint Solution For Enterprise, FortiClient, is prone to a local privilege escalation due to the improper device filtering carried out by its filter driver, fortimon.sys.

tags | advisory, local
SHA-256 | ccdb4a7ba12daed204e5937fc64ff6cfdfc687f2f6d87262aed8224268f84dc6
© 2022 Packet Storm. All rights reserved.