Microsoft Office Word 2007,2010,2013,2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)
Hello FR3END !! Microsoft Office Word 2007,2010,2013,2016 Found by 0day Vulnerability
So This is only education !!! I hope you protect your company with this vulnerability MS RCE
###################################################################################### Application: Microsoft Office Word# Platforms: Windows, OSX# Versions: Microsoft Office Word 2007,2010,2013,2016# Author: Sébastien Morin of COSIG# Website: https://cosig.gouv.qc.ca/en/advisory/# Twitter: @SebMorin1, @COSIG_# Date: August 09, 2016# CVE: CVE-2016-3313# COSIG-2016-31#####################################################################################1) Introduction2) Report Timeline3) Technical details4) POC#######################################################################################===================1) Introduction===================Microsoft Word is a word processor developed by Microsoft.It was first released on October 25, 1983[3] under the name Multi-Tool Word for Xenix systems.[4][5][6] Subsequent versions were later written for several other platforms includingIBM PCs running DOS (1983), Apple Macintosh running Mac OS (1985), AT&T Unix PC (1985), Atari ST (1988),OS/2 (1989), Microsoft Windows (1989) and SCO Unix (1994).Commercial versions of Word are licensed as a standalone product or as a component of Microsoft Office,Windows RT or the discontinued Microsoft Works suite.Microsoft Word Viewer and Office Online are Freeware editions of Word with limited features.(https://en.wikipedia.org/wiki/Microsoft_Word)
#######################################################################################===================2) Report Timeline===================2016-05-15: Sébastien Morin of COSIG report the vulnerability to MSRC.2016-06-07: MSRC confirm the vulnerability2016-08-09: Microsoft fixed the issue (MS16-099).2016-08-09: Advisory released.#######################################################################################===================3) Technical details===================This vulnerability allow remote code execution if a user opens a specially crafted Microsoft Office Word (.doc) with an invalid WordDocumentStream.An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.#######################################################################################==========4) POC==========https://smsecurity.net/wp-content/uploads/2016/08/COSIG-2016-31.dochttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40224.zip#######################################################################################