Published: 11/07/2017 Updated: 03/10/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 939

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office 2007
microsoft office 2010
microsoft office 2013
microsoft office 2016

## What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability This demonstrates using the Packagerdll trick to drop an sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides Download: githubcom/offensive-security/exploitdb-bin- ...

CVE20178570

Office8570 Exploit toolkit CVE-2017-8570 - v10 Exploit toolkit CVE-2017-8570 - v10 is a handy python script which provides pentesters and security researchers a quick and effective way to exploit Microsoft Office PPSX RCE It could generate a malicious PPSX file and deliver metasploit / meterpreter / other payload to user without any complex configuration Video tutorial (for

Proof of Concept exploit for CVE-2017-8570

What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability This demonstrates using the Packagerdll trick to drop an sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides Why? A few reasons I wanted to see if it was possible to use the Packagerdll file-dr

“小黄鸭”挖矿组织报告

起底“APT”挖矿组织——“小黄鸭”LemonDuck [TOC] 摘要近期，我们监测到多起利用钓鱼邮件、漏洞利用传播，进行加密数字货币挖掘的蠕虫攻击活动。经研究人员分析后将这一系列攻击活动定义为商业化APT行为，我们将这一系列活动背后的组织命名为“小黄鸭”。

CVE-2017-8570生成脚本(CVE-2017-0199另一种利用方式)

来源：wwwexploit-dbcom/exploits/44263/ 使用方法：python packager_composite_monikerpy -s calcsct -o examplertf What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability This demonstrates using the Packagerdll trick to drop an sct file into the %TEMP% directory, and then execute it using the

CVE-2017-8570 Exp改造及样本分析

CVE-2017-8570_Exppy Reference:githubcom/rxwx/CVE-2017-8570 Changes: Usage: python2 CVE-2017-8570_Exppy -s writesct -e writeexe -o writertf [+] RTF file written to: writertf

NCC Group's analysis and exploitation of CVE-2017-8759 along with further refinements

CVE-2017-8759 This repo contains sample exploits for CVE-2017-8759 for Microsoft PowerPoint, along with a description of how similar vulnerabilities were, and can, be exploited using the same techniques Some background The aim of publishing this repo is to highlight alternative exploitation techniques that defenders may currently be unaware of By highlighting these alternativ

Mis-311 project and presentation files.

MIS-311-Project Mis-311 project and presentation files INTRODUCTION Cyber attacks today have become as sophisticated as can be Taking necessary precautions against these attacks is an important element for corporate security There are many attack methodologies to predict the attacker's behavior during defense Cyber attacks, which have become widespread in the current p

Rapid Deployment Infrastructure for Red Teaming and Penetration Testing

Kraken: Rapid Deployment Infrastructure for Red Teaming and Penetration Testing (aka: KrakenRDI) KrakenRDI is a project to easily deploy Docker containers with a full toolbox for RedTeaming and Penetration Testing Using KrakenRDI you don't need to waste time creating and setting up the environment for you and/or your team Using KrakenRDI there's more than 50 tools a

Office-CVE-2017-8570

Research-Exploit-Office Reference wwwnccgrouptrust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8570-rtf-and-the-sisfader-rat/ tradahackingvn/another-malicious-document-with-cve-2017-11882-839e9c0bbf2f successtrendmicrocom/solution/1123612-cve-2017-8570-vulnerability-downloads-high-profile-malware whitehatvn/threads/microsoft-ph

ppsx file generator for cve-2017-8570 (based on bhdresh/cve-2017-8570)

Introduction By Temesgen Yibeltal temu1yibeltal@gmailcom (Based on code by githubcom/bhdresh/CVE-2017-8570 (now removed)) ppsx-file-generator is a python tool that generates a power point slide show file that executes code from a remote source based on an existing file What does it do? The tool generates a power point slide show file and an xml file based using the i

Office-CVE-2017-8570

IT threat evolution in Q3 2023. Non-mobile statistics

Securelist • AMR • 01 Dec 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...

Securelist • AMR • 30 Aug 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

Securelist • AMR • 07 Jun 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...

Securelist • AMR • 15 Aug 2022

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Securelist • AMR • 27 May 2022

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Web Anti-Virus recognized 313,164,030 unique URLs as ma...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev Alexander Kolesnikov • 20 Nov 2020

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q3: In Q3 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 146,761 users. !function(e,i,n,s){var t="InfogramEmbeds",d=e.getElementsByTagName("script")[0];if(window[t]&&window[t].initialized)window[t].process&&w...

Securelist • Victor Chebyshev Evgeny Lopatin Fedor Sinitsyn Denis Parinov Oleg Kupreev Alexey Kulaev Alexander Kolesnikov • 03 Sep 2020

IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q2: In Q2 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 181,725 users. !function(e,i,n,s){var t="InfogramEmbeds",d=e.getElementsByTagName("s...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev • 20 May 2020

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. According to Kaspersky Security Network, Q1 2020 will be remembered primarily for the coronavirus pandemic and cybercriminals’ exploitation of the topic. In particular, the creators of a new modification of the Ginp banking trojan renamed their malware Coronavirus Finder and then began offering it for €0.75 disguised as an app supposedly capable of detectin...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 29 Nov 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network: In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it could delive...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Boris Larin Oleg Kupreev Evgeny Lopatin • 23 May 2019

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q1 2019 is remembered mainly for mobile financial threats. First, the operators of the Russia-targeting Asacub Trojan made several large-scale distribution attempts, reaching up to 13,000 unique users per day. The attacks used active bots to send malicious links to contacts in already infected smartphones. The mailings ...

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Alexander Liskin Oleg Kupreev • 06 Aug 2018

According to KSN: In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter. Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator. Second place was taken by Trojan-Dropper threats (13%), whose share fell by 7 p....

Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Alexander Liskin Oleg Kupreev • 14 May 2018

According to KSN: In Q1 2018, DNS-hijacking, a new in-the-wild method for spreading mobile malware on Android devices, was identified. As a result of hacked routers and modified DNS settings, users were redirected to IP addresses belonging to the cybercriminals, where they were prompted to download malware disguised, for example, as browser updates. That is how the Korean banking Trojan Wroba was distributed. It wasn’t a drive-by-download case, since the success of the attack largely depended ...

Securelist • Vladislav Stolyarov Boris Larin Anton Ivanov • 09 May 2018

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...

Securelist • Roman Unuchek Fedor Sinitsyn Denis Parinov Alexander Liskin • 10 Nov 2017

According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. 72,012,219 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,388 user computers. Crypto ransomware attacks were blocked on 186283 computers of unique users. Kaspersky Lab’s file antivirus detected ...

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources We're number one! We're number one! We're...

It's generally accepted that security flaws in Microsoft's products are a top magnet for crooks and fraudsters: its sprawling empire of hardware and software is a target-rich ecosystem in that there is a wide range of bugs to exploit, and a huge number of vulnerable organizations and users. And so we can believe it when Qualys yesterday said 15 of the 20 most-exploited software vulnerabilities it has observed are in Microsoft's code. These are the vulnerabilities abused by miscreants to infect v...

Get Started

CVE-2017-8570

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect