CVE-2017-8570 PoC — Microsoft Office 安全漏洞

Source

https://github.com/Drac0nids/CVE-2017-8570

Associated Vulnerability

Title:Microsoft Office 安全漏洞 (CVE-2017-8570)
Description:Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.

Description

## 在kali中自动化生成cve-2017-8570的恶意ppsx文件和配置msf监听

Readme

### 用法：

下载脚本后修改attack_ip为kali的ip，LPORT为msf要监听的端口，DIR为任意空目录
![](https://i.imgur.com/DECAO8Q.png)

给脚本777的权限
```
chmod 777 auto
```
然后运行脚本
```
./auto
```
![](https://i.imgur.com/x7NQLCA.png)

然后在DIR+Office8570 目录下找到Invoice.ppsx文件，将其发送给被攻击者
被攻击者打开Invoice.ppsx文件后会利用powershell下载shell.exe，然后会返回一个meterpreter

![](https://i.imgur.com/UqDYQV6.png)

File Snapshot


 [4.0K]  /data/pocs/42fc70c58893390ce935d61e698513ebfa68da7c
├── [ 894]  auto
└── [ 504]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!