CVE-2017-0199CISA KEV: Actively Exploited

Microsoft Office and WordPad Remote Code Execution Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

Public Exploits & PoCs15 found

PoC: CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.

677

PoC: CVE-2017-0199-master

CVE-2017-0199

16

PoC: CVE-2017-0199-Fix

Quick and dirty fix to OLE2 executing code via .hta

15

PoC: CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / any other payload to victim without any complex configuration.

8

PoC: RTF-Cleaner

RTF Cleaner, tries to extract URL from malicious RTF samples using CVE-2017-0199 & CVE-2017-8759

4

PoC: CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payload to victim without any complex configuration.

4

PoC: RTF-Cleaner

RTF de-obfuscator for CVE-2017-0199 documents to find URLs statically.

3

PoC: htattack

An exploit implementation for RCE in RTF & DOCs (CVE-2017-0199)

3

PoC: Phishing-Analysis

This repository contains a full blue-team malware analysis of a real malicious DOCX exploiting CVE-2017-0199. The lab includes sandbox execution, network forensics, IOC extraction, MITRE ATT&CK mapping, dropped files review, and detection rules. Evidence screenshots are included inside the evidence folder for professional documentation.

1

PoC: PoC-CVE-2017-0199

Exploit toolkit for vulnerability RCE Microsoft RTF

1

PoC: XLS-to-DBatLoader-or-GuLoader-for-AgentTesla-variant

CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GULOADER STYLE MALWARE

PoC: CVE-2017-0199

Python3 toolkit update

PoC: CVE-2017-0199-reprofuction

CVE-2017-0199复现

PoC: CVE-2017-0199

A python script/generator, for generating and exploiting Microsoft vulnerability

PoC: Cve-2017-0199-

Cve-2017-0199

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free