module
Office OLE Multiple DLL Side Loading Vulnerabilities
| Disclosed | Created |
|---|---|
| 12/08/2015 | 05/30/2018 |
Disclosed
12/08/2015
Created
05/30/2018
Description
Multiple DLL side loading vulnerabilities were found in various COM components.
These issues can be exploited by loading various these components as an embedded
OLE object. When instantiating a vulnerable object Windows will try to load one
or more DLLs from the current working directory. If an attacker convinces the
victim to open a specially crafted (Office) document from a directory also
containing the attacker's DLL file, it is possible to execute arbitrary code with
the privileges of the target user. This can potentially result in the attacker
taking complete control of the affected system.
These issues can be exploited by loading various these components as an embedded
OLE object. When instantiating a vulnerable object Windows will try to load one
or more DLLs from the current working directory. If an attacker convinces the
victim to open a specially crafted (Office) document from a directory also
containing the attacker's DLL file, it is possible to execute arbitrary code with
the privileges of the target user. This can potentially result in the attacker
taking complete control of the affected system.
Author
Yorick Koster
Platform
Windows
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/fileformat/office_ole_multiple_dll_hijack
msf /(k) > show actions
...actions...
msf /(k) > set ACTION < action-name >
msf /(k) > show options
...show and set options...
msf /(k) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.