Microsoft office 0day Exploit 2020

The constant threat: viruses, trojans, spyware, ... the list goes on

Microsoft office 0day Exploit 2020

Post by l33t-coder on Thu Apr 30, 2020 8:08 pm
([msg=103904]see Microsoft office 0day Exploit 2020[/msg])

1. Item name : Microsoft Office


2. Affected OS:
Windows 7 32/64bit , Windows 8.1 32/64bit , windows 10 32/64bit

3. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable?
Microsoft Office 2007 SP3
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1 0
Microsoft Word 2010 Service Pack 2 (64-bit editions) 0
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0
Microsoft Office 2010 (64-bit edition) SP2
Microsoft Office 2010 (32-bit edition) SP2
Microsoft Word 2016 Service Pack 1 (64-bit editions)
Microsoft Word 2016 Service Pack 1 (32-bit editions)
Microsoft Office: 365 ProPlus


4. Does this exploit affect the current target version?
[ - ] No

5. Privilege Level Gained
[ - ] Medium


6. Minimum Privilege Level Required For Successful PE
[ - ] Medium


7. Exploit Type (select all that apply)
[ - ] Remote code execution


8. Delivery Method
[ - ] Via file

9. Bug Class
[ - ] memory corruption


12. Number of bugs exploited in the item: 2

13. Exploitation Parameters
[ - ] Bypasses ASLR
[ - ] Bypasses DEP / W ^ X
[ - ] Bypasses EMET Version 5.52±

14. Is ROP employed?
[ - ] Yes (but without fixed addresses)
More info after purchase , ROP chain is located in msvcr71.dll library.

15. Does this item alert the target user?
NO , Completely Hidden shellcode Execution.

16. How long does exploitation take, in seconds?
5.2mil

17. Does this item require any specific user interactions?
NO , RCE without any interactions from target.

18. Any associated caveats or environmental factors? For example - does the exploit determine
remote OS/App versioning,and is that required?
NO its does not determine any app version if its not the affected app version it will cause DOS.

19. Does it require additional work to be compatible with arbitrary payloads?
[ - ] Yes
The exploit uses the heap spray technique in order to execute arbitrary code

20. Is this a finished item you have in your possession that is ready for delivery immediately?
[ - ] Yes

21. Impact on framework (crashes, etc.).

Microsoft Office 2007 SP3 = no crash + perform the heap spray and execute a shellcode
Microsoft Word 2013 Service Pack 1 (64-bit editions) = APP crash + perform the heap spray and execute a shellcode
Microsoft Word 2013 Service Pack 1 (32-bit editions) = no crash + perform the heap spray and execute a shellcode
Microsoft Word 2013 RT Service Pack 1 0 = no crash + perform the heap spray and execute a shellcode
Microsoft Word 2010 Service Pack 2 (64-bit editions) 0 = no crash + perform the heap spray and execute a shellcode
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0 = no crash + perform the heap spray and execute a shellcode
Microsoft Office 2010 (64-bit edition) SP2 = no crash + perform the heap spray and execute a shellcode
Microsoft Office 2010 (32-bit edition) SP2 = no crash + perform the heap spray and execute a shellcode
Microsoft Word 2016 Service Pack 1 (64-bit editions) = APP crash + perform the heap spray and execute a shellcode
Microsoft Word 2016 Service Pack 1 (32-bit editions) = no crash + perform the heap spray and execute a shellcode
Microsoft Office: 365 ProPlus = APP crash + perform the heap spray and execute a shellcode

Other information : shellcode uses an incremental XOR to decode the malware
and then performs permutation on the first 512 bytes (to avoid PE detection)

Video: https://youtu.be/8t8COuqA19U

ICQ : 746229866
l33t.codes@gmail.com
l33t-coder
New User
New User
 
Posts: 1
Joined: Thu Apr 30, 2020 8:07 pm
Blog: View Blog (0)


Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests