WRITEUP #707

OLE object are still dangerous today — Exploiting Microsoft Office

RCEMemory corruption

by@edwardzpeng(zhiniang peng)

Program

Microsoft (Office)

Published

Nov 2, 2023

Added to HackDex

Feb 6, 2024

Read Full Writeuphttps://github.com/edwardzpeng/presentations/blob/main/POC%202023/OLE%20object%20are%20still%20dangerous%20today%20%E2%80%94%20Exploiting%20Microsoft%20Office.pdf

▸ RELATED WRITEUPS

4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways

RCEBuffer Overflow

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

Built with ❤️ by Shubham Rawat