CVE-2018-8174 PoC — Microsoft Windows VBScript引擎缓冲区错误漏洞

Source

https://github.com/0x09AL/CVE-2018-8174-msf

Associated Vulnerability

Title:Microsoft Windows VBScript引擎缓冲区错误漏洞 (CVE-2018-8174)
Description:A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Description

CVE-2018-8174 - VBScript memory corruption exploit.

Readme

# CVE-2018-8174-msf
This is a metasploit module which creates a malicious word document to exploit CVE-2018-8174 - VBScript memory corruption vulnerability.

This module is a very quick port and uses the exploit sample that was found in the wild. The exploit works only for Microsoft Office 32-bit.

There are a lot of things that need to get better at this module but I will update it in the future if I find some time.

## Installation
1) Copy the CVE-2018-8174.rb to /usr/share/metasploit-framework/modules/exploits/windows/fileformat/
2) Copy the CVE-2018-8174.rtf to /usr/share/metasploit-framework/data/exploits/


The exploit doesn't work very well with meterpreter shellcode so it's better to use non-staged reverse shell.


## Disclaimer

DO NOT USE THIS SOFTWARE FOR ILLEGALL PURPOSES.

THE AUTHOR DOES NOT KEEP ANY RESPONSIBILITY FOR ANY MISUSE OF THE CODE PROVIDED HERE.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!