This vulnerability allows remote code execution whenever a user opens a specially modified Microsoft Word document (the exploit doc) containing an invalid Word file stream.
An attacker who successfully exploits it with such a document can run arbitrary code in the context of the current user.
This module (Exploit EXE to DOC) triggers a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed a specially crafted MSComctlLib ListViewCtrl.2 control, which is the object that gets exploited. Exploitation is straightforward. First we built a VM with a fully patched Windows 10 and installed Microsoft Office (2003, 2007, 2010, 2013 and 2016, without service packs).
Next we rebooted the VM, loaded the MS Office Exploit DOC 2003 + 2007 + 2010 + 2013 + 2016 mscomctl Universal Exploit (CVE-2016-0057) module in Metasploit and configured a Meterpreter reverse TCP payload. Running the module produced the malicious msf.doc file; we then started a multi/handler with the same reverse TCP payload and copied msf.doc to the target machine over SMB.
When we opened msf.doc the stage was sent and a Meterpreter session opened under our user account. We then installed Service Pack 3 for Office and rebooted the machine.
Testing the exploit again still returned a Meterpreter shell. Finally, we rolled the VM back to a clean Windows install, installed Office 2016, and repeating the steps above gave another Meterpreter session. Note that the overflow lives in the MSCOMCTL.OCX ActiveX control rather than in Word itself, so whether a given installation is exploitable depends on the build of MSCOMCTL.OCX that Word loads, not only on the Office version or service pack level.
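Because the document described above carries its payload inside an embedded MSComctlLib ListViewCtrl.2 OLE control, a defender's first triage check is for that control's ProgID or CLSID in the RTF, rather than for any particular exploit bytes. The following Python scanner is an added example, not code from this page or from the builder it advertises. The two sample RTFs are constructed here (the malicious one uses a placeholder `\objdata` stream, not a working exploit), and the CLSID string is assumed to be the one MSCOMCTL.OCX registers for ListViewCtrl.2; confirm it under HKCR\CLSID on the build you are defending.

```python
import re
import binascii

# ProgID the RTF names in its \objclass group for the embedded control.
LISTVIEW_PROGID = "MSComctlLib.ListViewCtrl.2"
# Assumed CLSID that MSCOMCTL.OCX registers for ListViewCtrl.2;
# verify it under HKCR\CLSID on your own build before relying on it.
LISTVIEW_CLSID = "BDD1F04B-858B-11D1-B16A-00C0F0283628"

# {\*\objclass ProgID} and {\*\objdata <hex>} groups as RTF writers emit them.
OBJCLASS_RE = re.compile(rb"\\\*\\objclass\s+([A-Za-z0-9_.]+)")
OBJDATA_RE = re.compile(rb"\\\*\\objdata\s+([0-9A-Fa-f\s]+)")


def clsid_to_ole_bytes(clsid: str) -> bytes:
    """Serialise a textual CLSID the way OLE streams store a GUID:
    Data1..Data3 little-endian, then the 8 bytes of Data4 in order."""
    d1, d2, d3, d4a, d4b = clsid.split("-")
    return (int(d1, 16).to_bytes(4, "little")
            + int(d2, 16).to_bytes(2, "little")
            + int(d3, 16).to_bytes(2, "little")
            + bytes.fromhex(d4a + d4b))


def scan_rtf(data: bytes) -> list:
    """Return findings for MSComctlLib controls embedded in an RTF document."""
    findings = []
    # Check 1: the object class name written in clear text by the RTF writer.
    for m in OBJCLASS_RE.finditer(data):
        progid = m.group(1).decode("ascii", "replace")
        if progid.lower().startswith("mscomctllib."):
            findings.append(f"objclass names {progid}")
    # Check 2: the CLSID serialised inside the hex-encoded OLE object data,
    # which survives even if the attacker omits or mangles \objclass.
    clsid_bytes = clsid_to_ole_bytes(LISTVIEW_CLSID)
    for m in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        try:
            blob = binascii.unhexlify(hexstr)
        except binascii.Error:
            # Odd-length hex: Word tolerates it, so flag rather than skip it.
            findings.append("objdata has malformed hex")
            continue
        if clsid_bytes in blob:
            findings.append(f"objdata embeds CLSID {LISTVIEW_CLSID}")
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_rtf(data))


# Constructed sample shaped like the module's output: a ListViewCtrl.2 object whose
# \objdata is a placeholder OLE header followed by the control CLSID (no exploit).
SAMPLE_MALICIOUS = (
    b"{\\rtf1\\ansi{\\object\\objocx\\objw4600\\objh1200"
    b"{\\*\\objclass " + LISTVIEW_PROGID.encode() + b"}"
    b"{\\*\\objdata 0105000002000000"
    + binascii.hexlify(clsid_to_ole_bytes(LISTVIEW_CLSID)) + b"}}}"
)

# Constructed benign sample: an embedded Excel object, which must not be flagged.
SAMPLE_BENIGN = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Excel.Sheet.8}"
    b"{\\*\\objdata 0105000002000000}}}"
)

if __name__ == "__main__":
    for name, doc in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, scan_rtf(doc))
```

Run it against a quarantined document with `scan_rtf(open(path, "rb").read())`. The second check matters because the ProgID in `\objclass` is cosmetic for Word; the CLSID inside the OLE data is what actually selects the control that gets loaded.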
Exploit Doc Builder
Build an exploit .DOC from your .EXE, or convert an existing file or archive to the .DOC format, with this Silent DOC Exploit Builder. Either upload your file or give us a URL that points to a file or archive, and the conversion to the .DOC format starts right away.
EXE to DOC
Convert any EXE to DOC. All DOC versions are supported, and our team is available to help with any issue you run into.
Our team can provide whatever you need, and the result is the Exploit DOC.
Compatibility of Exploit DOC CVE-2017-0052
Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0006.