var unreadAlerts = '1';
You have one unread private message from dkota titled Welcome to the Forum!

CVE-2023-21716 (Microsoft Word RCE) Python PoC
#1
CNA:  Microsoft Corporation
Base Score:  9.8 CRITICAL
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Note:
It is a heap corruption vulnerability in Microsoft Word’s RTF parser that, if triggered, allows attackers to achieve remote code execution with the privileges of the victim. The flaw does not require prior authentication: attackers can simply send a booby-trapped RTF file to the victim(s) via email.
“Microsoft Office 2010 and later use Protected View to limit damage caused by malicious documents procured from untrusted sources. Protected View is in effect when this vulnerability manifests and thus an additional sandbox escape vulnerability would be required to gain full privileges


[You must reply to view this hidden content]
Report
#2
ok then
Reply Quote // Report
#3
Interesting!
Reply Quote // Report
#4
hello thnk you very much
Reply Quote // Report
#5
Let me try. Thanks.
Reply Quote // Report
#6
good.
Reply Quote // Report
#7
Reply Quote // Report
#8
Thanks for sharing!
Reply Quote // Report
#9
cyb Wrote: CNA:  Microsoft Corporation
Base Score:  9.8 CRITICAL
Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Note:
It is a heap corruption vulnerability in Microsoft Word’s RTF parser that, if triggered, allows attackers to achieve remote code execution with the privileges of the victim. The flaw does not require prior authentication: attackers can simply send a booby-trapped RTF file to the victim(s) via email.
“Microsoft Office 2010 and later use Protected View to limit damage caused by malicious documents procured from untrusted sources. Protected View is in effect when this vulnerability manifests and thus an additional sandbox escape vulnerability would be required to gain full privileges
lemmecheck
Reply Quote // Report
#10
have you exploited it?
Reply Quote // Report


Quick Reply
Message
Type your reply to this message here.



Possibly Related Threads…
Thread Author Replies Views Last Post
  CVE-2023-22809 sudo exploit cyb 62 702 Yesterday, 05:01 PM
Last Post: AmBa
  POC for CVE-2023-34362 affecting MOVEit Transfer DataBroker 0 41 06-13-2023, 12:28 AM
Last Post: DataBroker
  CVE-2023-29336 Win32k Privilege Escalation Vulnerability (PoC) DataBroker 0 44 06-10-2023, 08:03 PM
Last Post: DataBroker
  QueueJumper PoC - CVE-2023-21554 HeXsploit 1 144 06-03-2023, 01:19 PM
Last Post: ItzYesterday



Users browsing this thread: purely_cabbage
var thread_deleted = "0"; if(thread_deleted == "1") { $("#quick_reply_form, .new_reply_button, .thread_tools, .inline_rating").hide(); $("#moderator_options_selector option.option_mirage").attr("disabled","disabled"); }