Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-6132 PoC — Microsoft Windows库加载远程执行代码漏洞

Source
https://github.com/hexx0r/CVE-2015-6132
Associated Vulnerability
Title:Microsoft Windows库加载远程执行代码漏洞 (CVE-2015-6132)
Description:Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
Description
Microsoft Office / COM Object DLL Planting
Readme
# CVE-2015-6132
Microsoft Office / COM Object DLL Planting 

Original poc:
https://www.exploit-db.com/exploits/38968/

Running poc.rtf with mqrt.dll in the same directory will trigger the dll, which in this case (pop calc)
making Down/exec Dll will work as well

Exporting the dll to run from Samba/WebDav is possible


https://twitter.com/hex00r
File Snapshot

 [4.0K]  /data/pocs/6bf37800b7360699307d8fa7e5c549c229924218
├── [ 76K]  mqrt.dll
├── [ 202]  poc.rtf
└── [ 347]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →