CVE-2015-6132 PoC — Microsoft Windows库加载远程执行代码漏洞

Source

https://github.com/hexx0r/CVE-2015-6132

Associated Vulnerability

Title:Microsoft Windows库加载远程执行代码漏洞 (CVE-2015-6132)
Description:Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows中存在远程执行代码漏洞，该漏洞源于程序在加载库前不正确地验证输入。攻击者可利用该漏洞完全控制受影响的系统。以下版本受到影响：Microsoft Windows Vista SP2，Windows Server 2008 SP2和R2 SP1，Windows 7 SP1，Windows 8，Windows 8.1，Windows Server 2012 Gold和R2，Window

Description

Microsoft Office / COM Object DLL Planting

Readme

# CVE-2015-6132
Microsoft Office / COM Object DLL Planting 

Original poc:
https://www.exploit-db.com/exploits/38968/

Running poc.rtf with mqrt.dll in the same directory will trigger the dll, which in this case (pop calc)
making Down/exec Dll will work as well

Exporting the dll to run from Samba/WebDav is possible


https://twitter.com/hex00r

File Snapshot


 [4.0K]  /data/pocs/6bf37800b7360699307d8fa7e5c549c229924218
├── [ 76K]  mqrt.dll
├── [ 202]  poc.rtf
└── [ 347]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!