Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2017-11882

Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

POC

Reference

- http://reversingminds-blog.logdown.com/posts/3907313-fileless-attack-in-word-without-macros-cve-2017-11882

- https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html

- https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html

- https://github.com/0x09AL/CVE-2017-11882-metasploit

- https://github.com/embedi/CVE-2017-11882

- https://github.com/rxwx/CVE-2017-11882

- https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/

- https://web.archive.org/web/20181104111128/https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about/

- https://www.exploit-db.com/exploits/43163/

Github

- https://github.com/00xtrace/Red-Team-Ops-Toolbox

- https://github.com/0kraven/MalDevJournal

- https://github.com/0x06K/MalDevJournal

- https://github.com/0x09AL/CVE-2017-11882-metasploit

- https://github.com/0xT11/CVE-POC

- https://github.com/0xdeadgeek/Red-Teaming-Toolkit

- https://github.com/0xh4di/Red-Teaming-Toolkit

- https://github.com/0xp4nda/Red-Teaming-Toolkit

- https://github.com/15866095848/15866095848

- https://github.com/1o24er/RedTeam

- https://github.com/20142995/sectool

- https://github.com/2lambda123/m0chan-Red-Teaming-Toolkit

- https://github.com/3m1za4/100-Best-Free-Red-Team-Tools-

- https://github.com/3th1c4l-t0n1/awesome-csirt

- https://github.com/404notf0und/Security-Data-Analysis-and-Visualization

- https://github.com/5l1v3r1/rtfkit

- https://github.com/5up3rc/exploits

- https://github.com/6R1M-5H3PH3RD/Red_Teaming_Tool_Kit

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Abdibimantara/Maldoc-Analysis

- https://github.com/ActorExpose/CVE-2017-11882

- https://github.com/Al1ex/APT-GUID

- https://github.com/Al1ex/Red-Team

- https://github.com/Apri1y/Red-Team-links

- https://github.com/AzyzChayeb/Redteam

- https://github.com/BENARBIAfiras/SophosLabs-Intelix

- https://github.com/BlackMathIT/2017-11882_Generator

- https://github.com/BugBlocker/lotus-scripts

- https://github.com/C-starm/PoC-and-Exp-of-Vulnerabilities

- https://github.com/CSC-pentest/cve-2017-11882

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/CYB3RMX/Qu1cksc0pe

- https://github.com/Casttllee/Malware-Analysis

- https://github.com/ChaitanyaHaritash/CVE-2017-11882

- https://github.com/CyAxe/lotus-scripts

- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections

- https://github.com/CyberSecurityUP/APT-SF

- https://github.com/CyberSecurityUP/Adversary-Emulation-Matrix

- https://github.com/CyberSift/CyberSift-Alerts

- https://github.com/Echocipher/Resource-list

- https://github.com/Fa1c0n35/Red-Teaming-Toolkit

- https://github.com/FlatL1neAPT/MS-Office

- https://github.com/Flerov/WindowsExploitDev

- https://github.com/FontouraAbreu/Traffic_analysis_test

- https://github.com/Fynnesse/Malware-Analysis-w-REMnux

- https://github.com/GhostTroops/TOP

- https://github.com/Grey-Li/CVE-2017-11882

- https://github.com/HZachev/ABC

- https://github.com/HacTF/poc--exp

- https://github.com/HaoJame/CVE-2017-11882

- https://github.com/HildeTeamTNT/Red-Teaming-Toolkit

- https://github.com/IversionBY/PenetratInfo

- https://github.com/J-SinwooLee/Malware-Analysis-REMnux

- https://github.com/JERRY123S/all-poc

- https://github.com/Micr067/Pentest_Note

- https://github.com/Mr-hunt-007/CyberSecurity-Tools

- https://github.com/Mrnmap/RedTeam

- https://github.com/N3xT97/Portfolio

- https://github.com/No-Spear/static-engine

- https://github.com/OlaleyeAyobami/Malware-Analysis-Lab

- https://github.com/Ondrik8/RED-Team

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PCsXcetra/EquationEditorShellCodeDecoder

- https://github.com/PWN-Kingdom/Test_Tasks

- https://github.com/PaloAltoNetworks/research-notes

- https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups

- https://github.com/Patecatl848/Jstrosch-M.W.-samples

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Retr0-code/SignHere

- https://github.com/Ridter/CVE-2017-11882

- https://github.com/Ridter/RTF_11882_0802

- https://github.com/Rory33160/Phishing-Prevention

- https://github.com/RxXwx3x/Redteam

- https://github.com/S3N4T0R-0X0/Ember-Bear-APT

- https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit

- https://github.com/SewellDinG/Search

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Shadowshusky/CVE-2017-11882-

- https://github.com/Shirmali/Datacom-Cyber-Security-Job-Simulation

- https://github.com/Soldie/Red-Team-Tool-Kit---Shr3dKit

- https://github.com/Spacial/awesome-csirt

- https://github.com/StrangerealIntel/DeltaFlare

- https://github.com/Sunqiz/CVE-2017-11882-reproduction

- https://github.com/TBHIDK24/MalDevJournal

- https://github.com/TBHIDK57/MalDevJournal

- https://github.com/Th3k33n/RedTeam

- https://github.com/ThorisoM-hub/phishing-mail-alert-investigation-of-malicious-file-attachment

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Ygodsec/-

- https://github.com/ZTK-009/RedTeamer

- https://github.com/ZakharZverev/ZverevZD_Praktika_241-351

- https://github.com/ZtczGrowtopia/2500-OPEN-SOURCE-RAT

- https://github.com/alecdhuse/Lantern-Shark

- https://github.com/allwinnoah/CyberSecurity-Tools

- https://github.com/arcangel2308/Shr3dit

- https://github.com/avboy1337/Vulnerabilities

- https://github.com/bb33bb/Vulnerabilities

- https://github.com/blockchainguard/blockchainhacked

- https://github.com/bloomer1016/CVE-2017-11882-Possible-Remcos-Malspam

- https://github.com/chanbin/CVE-2017-11882

- https://github.com/chenxiang12/document-eqnobj-dataset

- https://github.com/co-devs/cve-otx-lookup

- https://github.com/cranelab/exploit-development

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/czq945659538/-study

- https://github.com/d0703887/SINICA-IIS-SummerIntern

- https://github.com/dactoankmapydev/crawler0121

- https://github.com/dessertlab/CTI-HAL

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/edeca/rtfraptor

- https://github.com/ekgg/Overflow-Demo-CVE-2017-11882

- https://github.com/emaan122/Note2

- https://github.com/embedi/CVE-2017-11882

- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections

- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections

- https://github.com/felipealfonsog/felipealfonsog

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/futureFfff/CVE-2017

- https://github.com/geeksniper/Red-team-toolkit

- https://github.com/getanehAl/Red-Team-OPS

- https://github.com/gold1029/Red-Teaming-Toolkit

- https://github.com/greekgothguy/cool_sites_and_tools

- https://github.com/gyaansastra/Red-Team-Toolkit

- https://github.com/hasee2018/Safety-net-information

- https://github.com/havocykp/Vulnerability-analysis

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/herbiezimmerman/CVE-2017-11882-Possible-Remcos-Malspam

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/houjingyi233/office-exploit-case-study

- https://github.com/hudunkey/Red-Team-links

- https://github.com/imkidz0/CVE-2017-11882

- https://github.com/iwarsong/apt

- https://github.com/j0lama/CVE-2017-11882

- https://github.com/jadeapar/Dragonfish-s-Malware-Cyber-Analysis

- https://github.com/jaychouzzk/-

- https://github.com/jbmihoub/all-poc

- https://github.com/jnadvid/RedTeamTools

- https://github.com/jnanasaj/All-in-one-Malware-Analysis

- https://github.com/john-80/-007

- https://github.com/jstrosch/malware-samples

- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections

- https://github.com/kerolesgamal58/CTF-ShellCode-Analysis

- https://github.com/kimreq/red-team

- https://github.com/koorchik/dissert

- https://github.com/koorchik/llm-analysis-of-text-data

- https://github.com/landscape2024/RedTeam

- https://github.com/li-zhenyuan/Knowledge-enhanced-Attack-Graph

- https://github.com/likekabin/APT_CyberCriminal_Campagin_Collections

- https://github.com/likekabin/CVE-2017-11882

- https://github.com/likekabin/CVE-2018-0802_CVE-2017-11882

- https://github.com/likekabin/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/likekabin/Red-Teaming-Toolkit

- https://github.com/likekabin/Red-Teaming-Toolkit_all_pentests

- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/CVE-2017-11882

- https://github.com/likescam/CVE-2018-0802_CVE-2017-11882

- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections

- https://github.com/likescam/Red-Teaming-Toolkit

- https://github.com/likescam/Red-Teaming-Toolkit_all_pentests

- https://github.com/lisinan988/CVE-2017-11882-exp

- https://github.com/littlebin404/CVE-2017-11882

- https://github.com/lnick2023/nicenice

- https://github.com/lp008/Hack-readme

- https://github.com/mmedinabet/Phishing-Labs-

- https://github.com/mohamed45237/mohamed45237

- https://github.com/mooneee/Red-Teaming-Toolkit

- https://github.com/mrinconroldan/red-teaming-toolkit

- https://github.com/mucahittopal/Pentesting-Pratic-Notes

- https://github.com/n18dcat053-luuvannga/DetectPacket-CVE-2017-11882

- https://github.com/neharidha/Phishing-Analysis-Tools-

- https://github.com/nitishbadole/pentesting_Notes

- https://github.com/nobiusmallyu/kehai

- https://github.com/p2-98/Research-Exploit-Office

- https://github.com/pandazheng/Threat-Intelligence-Analyst

- https://github.com/parasharkc/Datacom-Cyber-Security-Job-Simulation

- https://github.com/password520/RedTeamer

- https://github.com/paulveillard/cybersecurity-exploit-development

- https://github.com/phamphuqui1998/Research-Exploit-Office

- https://github.com/pondoksiber/Catatan_CVE

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/qiantu88/office-cve

- https://github.com/r0eXpeR/supplier

- https://github.com/r0r0x-xx/Red-Team-OPS-Modern-Adversary

- https://github.com/reph0r/Poc-Exp-Tools

- https://github.com/reph0r/Shooting-Range

- https://github.com/reph0r/poc-exp

- https://github.com/reph0r/poc-exp-tools

- https://github.com/ringo360/ringo360

- https://github.com/rip1s/CVE-2017-11882

- https://github.com/romeomallavo/Malware-Analysis-RTF-Document-Lab

- https://github.com/rusty-sec/lotus-scripts

- https://github.com/rxwx/CVE-2018-0802

- https://github.com/scriptsboy/Red-Teaming-Toolkit

- https://github.com/shr3ddersec/Shr3dKit

- https://github.com/sifatnotes/cobalt_strike_tutorials

- https://github.com/slimdaddy/RedTeam

- https://github.com/smithmichael11/smithmichael11

- https://github.com/starnightcyber/CVE-2017-11882

- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections

- https://github.com/sv3nbeast/Attack-Notes

- https://github.com/svbjdbk123/-

- https://github.com/t31m0/Red-Teaming-Toolkit

- https://github.com/thezimtex/red-team

- https://github.com/tingsama/hacking-p2

- https://github.com/toannd96/crawler0121

- https://github.com/triw0lf/Security-Matters-22

- https://github.com/twensoo/PersistentThreat

- https://github.com/tzwlhack/CVE-2017-11882

- https://github.com/u53r55/Security-Tools-List

- https://github.com/unamer/CVE-2017-11882

- https://github.com/unusualwork/red-team-tools

- https://github.com/wateroot/poc-exp

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/winterwolf32/Red-teaming

- https://github.com/wirasecure/hongdui

- https://github.com/wrlu/Vulnerabilities

- https://github.com/wwong99/hongdui

- https://github.com/wzxmt/CVE-2017

- https://github.com/x86trace/Red-Team-Ops-Toolbox

- https://github.com/xbl3/Red-Teaming-Toolkit_infosecn1nja

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xdrake1010/CVE-2017-11882-Preventer

- https://github.com/xiaoZ-hc/redtool

- https://github.com/xiaoy-sec/Pentest_Note

- https://github.com/yaakulya123/Phishing-Investigation-Case

- https://github.com/yaseenibnakhtar/001-Malware-Analysis-CVE-2017-11882

- https://github.com/yut0u/RedTeam-BlackBox

- https://github.com/zhang040723/web

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zhouat/cve-2017-11882