CVE-2018-8174 PoC — Microsoft Windows VBScript引擎缓冲区错误漏洞

Source

https://github.com/0x09AL/CVE-2018-8174-msf

Associated Vulnerability

Title:Microsoft Windows VBScript引擎缓冲区错误漏洞 (CVE-2018-8174)
Description:Microsoft Windows 7等都是美国微软（Microsoft）公司发布的一系列操作系统。Windows VBScript engine是其中的一个VBScript（脚本语言）引擎。 Microsoft Windows VBScript引擎中存在远程代码执行漏洞。远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存损坏。以下系统版本受到影响：Microsoft Windows 7，Windows Server 2012 R2，Windows RT 8.1，Windows Server

Description

CVE-2018-8174 - VBScript memory corruption exploit.

Readme

# CVE-2018-8174-msf
This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability.

This module is a very quick port and uses the exploit sample that was found in the wild. The exploit works only for Microsoft Office 32-bit.

There are a lot of things that need to get better at this module but I will update it in the future if I find some time.

## Installation
1) Copy the CVE-2018-8174.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat/
2) Copy the CVE-2018-8174.rtf to /usr/share/metasploit-framework/data/exploits/


The exploit doesn't work very well with meterpreter shellcode so it's better to use non-staged reverse shell.


## Disclaimer

DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.

THE AUTHOR DOES NOT KEEP ANY RESPONSIBILITY FOR ANY MISUSE OF THE CODE PROVIDED HERE.

File Snapshot


 [4.0K]  /data/pocs/b627cf97e3010738e7e6a8754dba25f01f916e12
├── [ 13K]  CVE-2018-8174.rb
├── [5.3K]  CVE-2018-8174.rtf
└── [ 885]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!