CVE-2017-0199
HIGH | KEV | RANSOMWARE
Microsoft Office Word Malicious Hta Execution
Title source: metasploit
Exploitation Summary
CVE-2017-0199 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 35 public exploits from researchers including Metasploit, Eduardo Braun Prado, and Bhadresh Patel; among them is a Metasploit module, exploits/windows/fileformat/office_word_hta.
AI-analyzed exploit summary: This Metasploit module exploits CVE-2017-0199 by generating a malicious RTF file that, when opened in vulnerable Microsoft Office Word versions, executes arbitrary code via an OLE link object fetching and executing an HTA file from a remote server.
Description
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Exploits (35)
This Metasploit module exploits CVE-2017-0199 by generating a malicious RTF file that, when opened in vulnerable Microsoft Office Word versions, executes arbitrary code via an OLE link object fetching and executing an HTA file from a remote server.
This exploit leverages CVE-2017-0199 in Microsoft Excel by abusing the DDEService attribute to execute arbitrary local programs. It requires user interaction (double-click) to trigger the payload, bypassing security warnings in unpatched versions.
This Python script exploits CVE-2017-0199, a Microsoft Office RCE vulnerability, by generating malicious RTF or PPSX files and delivering payloads via HTA/SCT files. It supports both local and remote payload delivery, with optional obfuscation for RTF files.
This repository provides a curated list of references and external PoC links for CVE-2017-0199, a remote code execution vulnerability in Microsoft Office/WordPad via malicious RTF files. It includes technical analysis links but does not contain direct exploit code.
This repository contains a functional Python script that generates malicious RTF/PPSX files to exploit CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports multiple attack scenarios, including local and remote payload delivery, and integrates with Metasploit for post-exploitation.
This repository contains a functional exploit for CVE-2017-0199, a remote code execution vulnerability in Microsoft Office. The Python script serves a malicious HTA file that leverages the vulnerability to download and execute a payload.
This repository provides a curated list of references and external links related to CVE-2017-0199, a vulnerability in Microsoft Office/WordPad that allows remote code execution via malicious RTF files. It includes links to PoC repositories, analysis blogs, and official CVE details but does not contain direct exploit code.
This repository provides a detailed technical analysis of CVE-2017-0199, including its exploitation mechanism and a registry-based mitigation. It explains how malicious HTA files embedded in RTF documents can execute code via OLE2 objects and offers a fix by modifying registry keys to replace mshta.exe with notepad.exe.
The repository contains only a README with a Twitter link and no exploit code or technical details. It appears to be a placeholder or lure without substantive content.
This repository contains a functional Python script that generates malicious RTF files and delivers payloads to exploit CVE-2017-0199, a Microsoft Word RTF remote code execution vulnerability. The toolkit supports both RTF generation and exploitation modes, integrating with Metasploit for payload delivery.
This repository contains a Python script designed to extract URLs from malicious RTF files exploiting CVE-2017-0199 and CVE-2017-8759. It does not execute the exploit but analyzes RTF files to identify embedded URLs used in the attack.
This repository contains a PowerShell script designed to de-obfuscate RTF documents exploiting CVE-2017-0199, extracting embedded URLs statically. It does not exploit the vulnerability but aids in analyzing malicious RTF files by cleaning obfuscated content and revealing hidden URLs.
This repository provides a detailed technical analysis and step-by-step reproduction of CVE-2017-0199, a vulnerability in Microsoft Office that allows remote code execution via malicious RTF files with embedded OLE objects. It includes environment setup, exploitation steps, and a breakdown of the vulnerability's root cause involving URL Moniker and HTA handling.
This repository contains a functional Python script that generates malicious RTF/PPSX files exploiting CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports multiple exploitation scenarios, including local/remote payload delivery and custom HTA files.
This repository contains a functional Python exploit for CVE-2017-0199, which leverages a vulnerability in Microsoft Office's handling of RTF documents to achieve remote code execution via a malicious HTA file. The exploit sets up a server to deliver the payload when a victim opens the crafted document.
This repository contains a Python script that generates malicious RTF files exploiting CVE-2017-0199, a Microsoft Office RTF remote code execution vulnerability. The toolkit can also act as a web server to deliver payloads, supporting Metasploit integration for post-exploitation.
This repository contains a functional exploit toolkit for CVE-2017-0199, a Microsoft Word RTF RCE vulnerability. The Python script generates malicious RTF files and sets up a server to deliver payloads when the victim opens the file.
This repository provides a detailed technical analysis of a malicious DOCX file exploiting CVE-2017-0199, including network behavior, dropped files, registry activity, and detection engineering insights. It includes Sigma rules, Suricata signatures, and EDR hunting queries for blue team use.
This repository provides a detailed technical analysis of a malicious DOCX file exploiting CVE-2017-0199, including network behavior, dropped files, registry activity, and detection rules. It includes IOCs, Sigma rules, Suricata signatures, and EDR hunting queries for blue team use.
This repository provides a detailed technical analysis of a malicious DOCX file exploiting CVE-2017-0199, including network behavior, dropped files, registry activity, and detection engineering insights. It includes IOCs, Sigma rules, Suricata signatures, and EDR hunting queries for blue team use.
This repository contains a functional Python script that generates malicious RTF/PPSX files to exploit CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports multiple attack scenarios, including local and remote payload delivery, and integrates with Metasploit for post-exploitation.
This repository contains a detailed technical analysis of a malware campaign leveraging CVE-2017-0199, focusing on network traffic, extracted files, and behavioral analysis. It includes PCAP analysis, JA3/JA4 fingerprinting, and triage of HTA/VBS payloads but does not provide functional exploit code.
This repository contains a functional Python script that generates malicious RTF files and delivers payloads to exploit CVE-2017-0199, a Microsoft Word RTF RCE vulnerability. The toolkit supports both RTF generation and exploitation modes, integrating with Metasploit for payload delivery.
This repository contains a functional Python script that generates malicious RTF/PPSX files to exploit CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports both file generation and exploitation modes, delivering payloads via crafted documents.
This repository contains a functional Python script that exploits CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit generates malicious RTF/PPSX files and delivers payloads via HTTP, supporting local and remote payloads, as well as custom HTA files.
This repository contains a functional Python toolkit for exploiting CVE-2017-0199, a Microsoft Office RCE vulnerability. It generates malicious RTF/PPSX files and delivers payloads via HTA/SCT files, supporting both remote and local payload execution.
This repository contains a functional Python-based exploit toolkit for CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit can generate malicious RTF/PPSX files and deliver payloads via HTA/SCT files, supporting both local and remote payload execution.
This repository contains a functional Python script that generates malicious RTF/PPSX files to exploit CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports multiple attack scenarios, including local/remote payload delivery and custom HTA file execution.
The repository contains only a minimal README with the CVE number and an author name, lacking any exploit code, technical details, or functional content. It appears to be a placeholder or incomplete submission.
This repository contains a functional exploit for CVE-2017-0199, which leverages a Microsoft Word RCE vulnerability via an HTA handler. The script generates malicious RTF and HTA files designed to execute arbitrary commands, including a reverse shell payload.
The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It appears to be a placeholder or incomplete repository.
This Metasploit module exploits CVE-2017-0199 by crafting a malicious RTF file that triggers an OLE link to execute an HTA payload, leading to remote code execution on vulnerable Microsoft Office Word installations.
This repository contains a functional Python script that generates malicious RTF/PPSX files to exploit CVE-2017-0199, a Microsoft Office RCE vulnerability. The toolkit supports multiple attack scenarios, including local and remote payload delivery, and integrates with Metasploit for post-exploitation.
This repository contains a functional Python-based exploit toolkit for CVE-2017-0199, a Microsoft Office RCE vulnerability. It includes both generation and exploitation modes for malicious RTF/PPSX files, with options for obfuscation and payload delivery.
References (12)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H