This Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a python or ruby payload based on your choosing, and then finally download and execute our executable.
0a79ccc75253fc54a4cbf99a7599c06f3f75c9e59c1385bd9c4f718868f83665
Proof of concept malicious .docm file that exploits the Microsoft Windows Assembly Execution vulnerability as described in MS12-005.
98bc8a29290ece74c67173b63b552c9c368c1ca5e2dadc7cc3c95eafdc97f3a9
A logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007 allows for attackers to run arbitrary .NET assemblies with Full Trust permissions.
00e1066c2923521d1053ae01947493005e91c3b5cd22f3ffe201033ada37e948