CVE-2015-1641 PoC — Microsoft Office Memory Corruption Vulnerability

Source
Associated Vulnerability
Title: Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)
Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Description
Script to extract malicious payload and decoy document from CVE-2015-1641 exploit documents
Readme
# rtf_exploit_extractor
Script to extract malicious payload and decoy document from CVE-2015-1641 exploit documents

	usage: rtfexploit_extract.py [-h] [-o OUTFILE] [-d DECOY] [-l LENGTH] [-v] inputfile

	inputfile             exploit document to examine

	optional arguments:
	  -h, --help            show this help message and exit
	  -o OUTFILE, --outfile OUTFILE
	                        output filename for extracted payload
	  -d DECOY, --decoy DECOY
	                        output filename for extracted decoy document
	  -l LENGTH, --length LENGTH
	                        length of each marker to search for (def: 7)
	  -v                    print debug messages


All args are optional except for input filename.

Ref: http://blog.malwareclipboard.com/2015/10/rtf-exploit-document-extraction.html
File Snapshot

[4.0K] /data/pocs/0d5afb6c8cc73fa843def691dbb3997f51d92a6f
├── [ 782] README.md
└── [7.4K] rtfexploit_extract.py

0 directories, 2 files