Posts Tagged ‘office’

Microsoft Office DDE Payload Delivery

This Metasploit module generates an DDE command to place within a word document, that when executed, will retrieve a HTA payload via HTTP from an web server. Source: Microsoft Office DDE Payload Delivery


Microsoft Office 2007 Groove Security Bypass / Code Execution

Microsoft Office 2007 Groove contains a security bypass issue regarding ‘Workspace Shortcut’ files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only ‘grooveTelespace://’ URLs should be allowed, which allows execution of arbitrary code upon opening a ‘GLK’ file. Source: Microsoft Office 2007 Groove Security Bypass / Code Execution


Microsoft Office Word Malicious Hta Execution

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. […]