Commit ef1556e

Another update
1 parent 8fa6487 commit ef1556e

1 file changed

+6
-1
lines changed

modules/exploits/windows/fileformat/ms14_060_sandworm.rb

Lines changed: 6 additions & 1 deletion
@@ -19,10 +19,15 @@ def initialize(info={})
1919
allowing arbitrary code execution, publicly known as "Sandworm". Platforms such as Windows
2020
Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be
2121
vulnerable. However, based on our testing, the most reliable setup is on Windows platforms
22-
running Office 2013. But please keep in mind that some other setups such as using Office
22+
running Office 2013. And please keep in mind that some other setups such as using Office
2323
2010 might be less stable, and sometimes may end up with a crash due to a failure in the
2424
CPackage::CreateTempFileName function.
2525
26+
This module will generate three files: an INF, a GIF, and a PPSX file. You are required to
27+
set up a SMB or Samba 3 server and host the INF and GIF there. Systems such as Ubuntu or an
28+
older version of Winodws (such as XP) work best for this because they require little
29+
configuration to get going. The PPSX file is what you should send to your target.
30+
2631
In detail, the vulnerability has to do with how the Object Packager 2 component
2732
(packager.dll) handles an INF file that contains malicious registry changes, which may be
2833
leveraged for code execution. First of all, Packager does not load the INF file directly.
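
Review bot: The added description paragraph (new lines 26-29) has a typo on new line 28, "Winodws", which should be "Windows", and on new line 27 "a SMB or Samba 3 server" should read "an SMB or Samba 3 server". On new line 22, replacing "But" with "And" loses the contrast between the reliable Office 2013 setup and the less stable Office 2010 one; since the preceding sentence already opens with "However", dropping the conjunction ("Please keep in mind that ...") reads more cleanly. The new paragraph also tells the user to host the INF and GIF on a share without saying how the module is told where that share is; if a module option controls this, name it in the same paragraph. Finally, the commit message "Another update" says nothing about the change; something like "Document the generated files and SMB hosting requirement" would make the history searchable.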