CVE-2017-8759 PoC — Microsoft .NET Framework Security Vulnerability

Source
Associated Vulnerability
Title: Microsoft .NET Framework Security Vulnerability (CVE-2017-8759)
Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Description
Running CVE-2017-8759 exploit sample.
Readme
# CVE-2017-8759-Exploit-sample
Running CVE-2017-8759 exploit sample.



Flow of the exploit:

A Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over WSDL, which triggers the WSDL parser log. The parsing log then results in running mshta.exe, which in turn runs a PowerShell command that runs mspaint.exe.
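
A defender-side view of the chain described above, as an added example that is not part of the original README or the author's code: it walks process-creation events and flags mshta.exe or powershell.exe running with an Office application among its ancestors. The event fields and sample records are constructed for illustration (loosely shaped like process-creation telemetry), and the process-name sets are assumptions to adjust per environment.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}   # assumed parent set
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe"}          # hosts named in the flow

# Constructed sample events; real telemetry should key on a unique process
# GUID rather than the PID, because PIDs are reused.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\mspaint.exe"},
    # Benign: PowerShell started by the user from the shell, no Office parent.
    {"pid": 600, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def name(event):
    """Lower-cased executable name from a Windows image path."""
    return ntpath.basename(event["image"]).lower()


def ancestry(event, by_pid):
    """Process names from the event up to the oldest known ancestor."""
    chain, seen = [], set()
    while event and event["pid"] not in seen:   # 'seen' guards against loops
        seen.add(event["pid"])
        chain.append(name(event))
        event = by_pid.get(event["ppid"])
    return chain


def find_office_script_chains(events):
    """Return (pid, chain) for script hosts that descend from Office."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        chain = ancestry(e, by_pid)
        if chain[0] in SCRIPT_HOSTS and OFFICE & set(chain[1:]):
            alerts.append((e["pid"], " -> ".join(reversed(chain))))
    return alerts


if __name__ == "__main__":
    for pid, chain in find_office_script_chains(EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

Matching on ancestry rather than the direct parent keeps the PowerShell stage visible even though its immediate parent is mshta.exe, not Word.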



To test:

Run a webserver on port 8080, and put the files exploit.txt and cmd.hta in its root. For example: `python3 -m http.server --bind 127.0.0.1 8080`
Or you can use `python3 server.py`

If all is good mspaint should run.

Mohammed Aldoub @Voulnet

## References:

https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html

File Snapshot

[4.0K] /data/pocs/3c72b0c9de5d14b31702aa74da3d9e427d56a825
├── [ 549] cmd.hta
├── [ 32K] Doc1.doc
├── [1.2K] exploit.txt
├── [1.0K] LICENSE
├── [ 694] README.md
└── [ 230] server.py

0 directories, 6 files