Exploitation Summary
CVE-2017-8570 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 25, 2022. EIP tracks 11 public exploits from researchers including Rich Warren, rxwx, temesgeny.
AI-analyzed exploit summary This exploit leverages CVE-2017-8570 (Composite Moniker vulnerability) to drop an SCT file into the %TEMP% directory and execute it via Packager.dll. It generates a malicious RTF file for delivery.
Description
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
Exploits (11)
This exploit leverages CVE-2017-8570 (Composite Moniker vulnerability) to drop an SCT file into the %TEMP% directory and execute it via Packager.dll. It generates a malicious RTF file for delivery.
This repository contains a functional PoC exploit for CVE-2017-8570, leveraging the Packager.dll technique to drop an SCT file into the %TEMP% directory and execute it via a Composite Moniker vulnerability in Microsoft Office.
This repository contains a Python tool that generates a malicious PowerPoint Slide Show (.ppsx) file exploiting CVE-2017-8570. The tool embeds a remote XML file containing a JScript payload that downloads and executes an arbitrary executable via PowerShell.
This repository contains a functional PoC for CVE-2017-8570, leveraging the Packager.dll trick to drop an SCT file into %TEMP% and execute it via a Composite Moniker vulnerability in Microsoft Office.
This repository provides a proof-of-concept exploit for CVE-2017-8570, a remote code execution vulnerability in Microsoft Office. The exploit generates a malicious .ppsx file that, when opened, uses PowerShell to download and execute a payload, resulting in a Meterpreter session.
This is a Python-based exploit for CVE-2017-8570, which leverages a vulnerability in Microsoft Office's handling of OLE objects embedded in RTF files. The exploit generates a malicious RTF file that, when opened, executes arbitrary code via a crafted OLE package.
This repository contains a functional PoC exploit for CVE-2017-8570, leveraging the Packager.dll technique to drop an SCT file into the %TEMP% directory and execute it via a Composite Moniker vulnerability in Microsoft Office.
This repository contains a Python-based exploit toolkit for CVE-2017-8570, a Microsoft Office RCE vulnerability. It generates malicious PPSX files and can deliver payloads via SCT files or direct execution.
This repository contains a functional Python script that generates a malicious RTF file exploiting CVE-2017-8570 via the Packager.dll trick to drop and execute an SCT file in the %TEMP% directory. The exploit leverages the Composite Moniker vulnerability to bypass patches for CVE-2017-0199.
This repository contains a functional Python script that exploits CVE-2017-8570, a Microsoft Office PPSX RCE vulnerability. The toolkit generates malicious PPSX files and delivers payloads (local or remote) via SCT files, supporting Metasploit integration.
This repository contains a functional Python script that generates a malicious RTF file exploiting CVE-2017-8570 via the Composite Moniker vulnerability. It uses the Packager.dll trick to drop an SCT file into the %TEMP% directory and execute it.
References (6)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H