CVE-2017-8570

Published: 11/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 948
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Affected Products

Vendor      Product   Versions
Microsoft   Office    2007, 2010, 2013, 2016

Exploits

What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an .sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides. Download: github.com/offensive-security/exploitdb-bin- ...

Github Repositories

Office8570 Exploit toolkit CVE-2017-8570 - v1.0 Exploit toolkit CVE-2017-8570 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to exploit Microsoft Office PPSX RCE. It could generate a malicious PPSX file and deliver metasploit / meterpreter / other payload to user without any complex configuration. Video tutorial (for

Usage: after downloading the script, set attack_ip to the Kali IP, LPORT to the port msf should listen on, and DIR to any empty directory. Give the script 777 permissions (chmod 777 auto), then run the script (./auto). Then find the Invoice.ppsx file in the DIR+Office8570 directory and send it to the target. When the target opens the Invoice.ppsx file, PowerShell is used to download shell.exe and a meterpreter session is returned.


Office-CVE-2017-8570

Office-CVE-2017-8570

Source: www.exploit-db.com/exploits/44263/ Usage: python packager_composite_moniker.py -s calc.sct -o example.rtf What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an .sct file into the %TEMP% directory, and then execute it using the

Introduction By Temesgen Yibeltal temu1yibeltal@gmail.com (Based on code by github.com/bhdresh/CVE-2017-8570 (now removed)) ppsx-file-generator is a python tool that generates a power point slide show file that executes code from a remote source based on an existing file. What does it do? The tool generates a power point slide show file and an xml file based using the i

What? This repo contains a Proof of Concept exploit for CVE-2017-8570, aka the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an .sct file into the %TEMP% directory, and then execute it using the primitive that the vulnerability provides. Why? A few reasons. I wanted to see if it was possible to use the Packager.dll file-dr


office-exploits This repository maintains the currently known MS Office vulnerabilities; pull requests are welcome. Vulnerability list: CVE-2017-8570 CVE-2017-8759 CVE-2017-11882 CVE-2018-0802 DDEAUTO Other ways of executing commands via injection Other vulnerabilities The following vulnerabilities have not yet been tested: CVE-2017-0199 webSettings.xml to obtain the NTLM SSP hash macro Tools Generation and obfuscation Shellntel/luckystrike - A PowerShell base

office-exploits This repository maintains the currently known MS Office vulnerabilities; pull requests are welcome. Vulnerability list: CVE-2017-8570 CVE-2017-8759 CVE-2017-11882 CVE-2018-0802 DDEAUTO Other ways of executing commands via injection Other vulnerabilities The following vulnerabilities have not yet been tested: CVE-2017-0199 thom-s/docx-embeddedhtml-injection - This PowerShell script exploits a known vulnerability in Word 2016 docum

This tool kit is very much influenced by infosecn1nja's kit. Use this script to grab the majority of the repos. NOTE: hard coded in /opt and made for Kali Linux. Total Size (so far): 25+Gb Install Guide: apt -y install git apache2 python-requests libapache2-mod-php python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl libssl1.0-dev libffi-dev


Red Teaming/Adversary Simulation Toolkit A collection of open source and commercial tools that aid in red team operations This repository will help you during red team engagement If you want to contribute to this list send me a pull request Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfil

This tool kit is very much influenced by infosecn1nja's kit Use this script to grab majority of the repos NOTE: hard coded in /opt and made for Kali Linux Total Size (so far): 25G Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfiltration Misc References Reconnaissance Active Intelligenc


Statistics of hacks in the blockchain ecosystem. References: EOS fake-deposit (hard_fail state attack) red alert, details disclosure and fix paper.seebug.org/853/ Collection of tools for the different phases of penetration testing. Reconnaissance phase. Active intelligence gathering. EyeWitness: can be used for website screenshots, provides some server header information, and identifies default credentials where possible. github.com/ChrisTruncer/


awesome-windows-security-development Forked from ExpLife/awesome-windows-kernel-security-development, but he deleted it. Welcome to add a project or something to the list (please use issues). windows kernel driver with c++ runtime github.com/ExpLife/DriverSTL github.com/sysprogs/BazisLib github.com/AmrThabet/winSRDF github.com/sidyhe/dxx github.com/zer0m

CVE-2017-8759 This repo contains sample exploits for CVE-2017-8759 for Microsoft PowerPoint, along with a description of how similar vulnerabilities were, and can, be exploited using the same techniques Some background The aim of publishing this repo is to highlight alternative exploitation techniques that defenders may currently be unaware of By highlighting these alternativ

awesome-windows-security-development Forked from ExpLife/awesome-windows-kernel-security-development, but he deleted it. windows kernel driver with c++ runtime github.com/ExpLife/DriverSTL github.com/sysprogs/BazisLib github.com/AmrThabet/winSRDF github.com/sidyhe/dxx github.com/zer0mem/libc github.com/eladraz/XDK github.com

awesome-windows-kernel-security-development windows kernel driver with c++ runtime github.com/HoShiMin/Kernel-Bridge github.com/wjcsharp/Common github.com/ExpLife/DriverSTL github.com/sysprogs/BazisLib github.com/AmrThabet/winSRDF github.com/sidyhe/dxx github.com/zer0mem/libc github.com/eladraz/XDK

MicroSoft Office RCEs A collection of MicroSoft Office vulnerabilities that could end up in remote command execution: CVE-2012-0158 CVE-2015-1641 (customXML type confusion) CVE-2016-7193 (dfrxst) CVE-2017-0199 CVE-2017-8570 CVE-2017-8759 (.NET Framework) CVE-2017-11182 CVE-2017-11826 (EQNEDT32.EXE) CVE-2018-0802 (EQNEDT32.EXE again) CVE-2018-0797 (RTF UAF) CVE-2018-8597 (Excel) CVE-2018

office-exploit-case-study Most samples are malware used in the real world, please study them in a virtual machine. Take responsibility yourself if you use them for illegal purposes. Samples should match the hash in the corresponding paper if mentioned. Exploits before 2012 not included. Feel free to open issues if you have any questions. What did Microsoft do to make office more secure? 1Dat

office-exploit-case-study Collection of office exploits used in the real world in recent years with samples and writeups, please study them in a virtual machine. Take responsibility yourself if you use them for illegal purposes. Samples should match the hash in the corresponding writeup if mentioned. If you are looking for more poc (reported by researchers and never used in the real world), you ca

awesome-windows-kernel-security-development pe file format github.com/corkami/pics meltdown/spectre poc github.com/turbo/KPTI-PoC-Collection github.com/gkaindl/meltdown-poc github.com/feruxmax/meltdown github.com/Eugnis/spectre-attack lightweight c++ gui library github.com/zlgopen/awtk github.com/idea4good/GuiLite htt

Project overview: The lifecycle of a Red Team attack, which includes: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), and cleaning up and leaving the battlefield after all attacks are complete. Related resource list mitre-attack.github.io/ The MITRE technology institute's

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Objective-C Objective-C++ Others PHP PLpgSQL Pascal Perl PostScri

Project overview: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), and covering tracks. Security-related resource list arxiv.org Cornell University open documents github.com/sindresorhus/awesome the awesome series www.owasp.org.cn/owasp-pr

Project overview: information gathering, attack attempts to gain access, persistence, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), and covering tracks. address | introduce | -|-|- name | description | Security-related resource list arxiv.org Cornell University open documents github.com/sindresorhus/awesome

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

IT threat evolution Q3 2019. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Boris Larin, Oleg Kupreev, Evgeny Lopatin • 29 Nov 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network:
In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it ...

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways
Threatpost • Tom Spring • 22 Nov 2019

Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise (BEC) attacks.
According to a Cofense report posted Thursday, the malware is delivered inside an .IMG file hosted on a hacker-controlled Dropbox account.
“Using the familiar theme of a wire transfer—closely akin...

IT threat evolution Q2 2019. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Boris Larin, Oleg Kupreev, Evgeny Lopatin • 19 Aug 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network,
Q2 2019 will be remembered for several events.
First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too.
Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobil...

IT threat evolution Q1 2019. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Boris Larin, Oleg Kupreev, Evgeny Lopatin • 23 May 2019

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
According to Kaspersky Security Network,
Q1 2019 is remembered mainly for mobile financial threats.
First, the operators of the Russia-targeting Asacub Trojan made several large-scale distribution attempts, reaching up to 13,000 unique users per day. The attacks used active bots to send malicious links to contacts in already infected smartpho...

80% of the Top Exploited Vulnerabilities Targeted Microsoft in 2018
BleepingComputer • Sergiu Gatlan • 19 Mar 2019

Eight out of the top ten vulnerabilities exploited by cybercriminals as part of phishing, exploit kits, or remote access trojan (RAT) attacks during 2018 targeted Microsoft's software products, continuing a trend started in 2017.
As detailed in a report by Recorded Future's Kathleen Kuczma, Microsoft continues to be the main target of malicious actors following a similarly "busy" 2017 when the top exploited vulnerabilities changed focus from Adobe's Flash Player.
While the number of ...

Cobalt Group Pushes Revamped ThreadKit Malware
Threatpost • Tom Spring • 11 Dec 2018

Despite the high profile arrest earlier this year of the Cobalt Group ringleader, the threat actors behind the hacking collective are slowly ramping up their malicious behavior. In a new analysis of the threat group, known for its widespread attacks against banks in Eastern Europe over the past several years, the Cobalt Group has recently been observed updating its arsenal with a new version of the ThreadKit malware.
In a report issued by security firm Fidelis on Tuesday (PDF), researchers...

IT threat evolution Q2 2018. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Alexander Liskin, Oleg Kupreev • 06 Aug 2018

According to KSN:
In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter.

Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator.
Second place was taken by Trojan-Dropper threats (13%),...

Despite Ringleader’s Arrest, Cobalt Group Still Active
Threatpost • Tara Seals • 28 May 2018

Evidence has surfaced that the Cobalt Group – the threat actors behind widespread attacks on banks and ATM jackpotting campaigns across Europe – is continuing to operate, despite the arrest of its accused ringleader in March.
The Cobalt Group first burst on the scene in 2016: in a single night, the group stole the equivalent of over $32,000 (in local currency) from six ATMs in Eastern Europe. Throughout 2017 the group expanded its focus to financial-sector phishing schemes and new re...

IT threat evolution Q1 2018. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Alexander Liskin, Oleg Kupreev • 14 May 2018

According to KSN:
In Q1 2018, DNS-hijacking, a new in-the-wild method for spreading mobile malware on Android devices, was identified. As a result of hacked routers and modified DNS settings, users were redirected to IP addresses belonging to the cybercriminals, where they were prompted to download malware disguised, for example, as browser updates. That is how the Korean banking Trojan Wroba was distributed.
It wasn’t a drive-by-download case, since the success of the attack larg...

The King is dead. Long live the King!
Securelist • Vladislav Stolyarov, Boris Larin, Anton Ivanov • 09 May 2018

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174.
Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by...

Word Attachment Delivers FormBook Malware, No Macros Required
Threatpost • Tom Spring • 09 Apr 2018

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.
Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and information service sectors in the Middle East and United States. The method of infection includes a new multi-stage infection technique.
The company, which released details of the method Monda...

IT threat evolution Q3 2017. Statistics
Securelist • Roman Unuchek, Fedor Sinitsyn, Denis Parinov, Alexander Liskin • 10 Nov 2017

According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world.
72,012,219 unique URLs were recognized as malicious by web antivirus components.
Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,388 user computers.
Crypto ransomware attacks were blocked on 186,283 computers of unique users.
Kaspersky Lab’s ...