CVE-2017-11882CISA KEV: Actively Exploited

Microsoft Office Memory Corruption Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Public Exploits & PoCs24 found

PoC: CVE-2017-11882

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

526

PoC: CVE-2017-11882

Proof-of-Concept exploits for CVE-2017-11882

495

PoC: CVE-2017-11882

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

302

PoC: CVE-2018-0802

PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)

270

PoC: RTF_11882_0802

PoC for CVE-2018-0802 And CVE-2017-11882

162

PoC: CVE-2017-11882-metasploit

This is a Metasploit module which exploits CVE-2017-11882 using the POC released here : https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about.

99

PoC: CVE-2017-11882

CVE-2017-11882 exploitation

43

PoC: 2017-11882_Generator

CVE-2017-11882 File Generator PoC

35

PoC: SignHere

SignHere is implementation of CVE-2017-11882. SignHere is builder of malicious rtf document and VBScript payloads.

5

PoC: CVE-2017-11882

CVE-2017-11882(通杀Office 2003到2016)

4

PoC: Overflow-Demo-CVE-2017-11882

Simple Overflow demo, like CVE-2017-11882 exp

2

PoC: CVE-2017-11882

Empire Port of CVE-2017-11882

2

PoC: Maldoc-Analysis

Pada bulan maret 2023, terdapat sample baru yang terindentifikasi sebagai malware. Malware tersebut berasal dari file berekstensi.xls dan .doc dan dikenal dengan nama “Bank Slip.xls”. Aktivitas malware tersebut memiliki hubungan dengan kerentanan yang dikenal dengan id CVE-2017-11882 dan CVE-2018-0802.

1

PoC: Office-Malware-Forensics-Lab-REMnux-Static-Analysis

Static analysis of 2 malicious Office documents on REMnux using oletools; identified CVE-2017-11882 and obfuscated macros.

PoC: CVE-2017

Proof-of-Concept exploits for CVE-2017-11882

PoC: CVE-2017-11882

Simple PoC of CVE-2017-11882

PoC: CVE-2017-11882-Preventer

CVE-2017-11882 Preventer for .docx files

PoC: Malware-Analysis-CVE-2017-11882

Malware Analysis CVE-2017-11882

PoC: Dragonfish-s-Malware-Cyber-Analysis

Examining the phases of an attack using “Dragonfish's Elise Malware”, specifically, exploring the exploitation of vulnerability CVE-2017-11882.

PoC: CVE-2017-11882-reproduction

CVE-2017-11882复现

PoC: rtfkit

generate RTF exploit payload. uses cve-2017-11882, cve-2017-8570, cve-2018-0802, and cve-2018-8174.

PoC: CVE-2017-11882

Microsoft Equation 3.0/Convert python2 to python3

PoC: CVE-2017-11882-for-Kali

# CVE-2017-11882-metasploit This is a Metasploit module which exploits CVE-2017-11882 using the POC below: https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about. ## Installation 1) Copy the cve_2017_11882.rb to /usr/share/metasploit-framework/modules/exploits/windows/local/ 2) Copy the cve-2017-11882.rtf to /usr/share/metasploit-framework/data/exploits/ This module is a quick port to Metasploit and uses mshta.exe to execute the payload. There are better ways to implement

PoC: ABC

CVE-2017-11882

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free