Last updated at Tue, 16 Jan 2024 02:20:02 GMT
Word and JavaScript are a rare duo.
Thanks to thesunRider, you too can experience the wonder of this mystical duo. The sole new Metasploit module this release adds a file format attack to generate a very special document. By utilizing JavaScript embedded in a Word document to trigger a chain of events that slip through various Windows facilities, a session as the user who opened the document can be yours.
Do you like spiders?
It has been 3 years since SMB2 support was added to SMB share enumeration and over a year ago SMB3 support was added, yet the spiders are not done spinning their webs. Thanks to sjanusz-r7, the spiders have evolved to take advantage of these new skills and the webs can span new doorways. Updates to scanner/smb/smb_enumshares improve enumeration support for the latest Windows targets, which deploy with SMB3 only by default.
New module content (1)
- Microsoft Office Word Malicious MSHTML RCE by klezVirus, lockedbyte, mekhalleh (RAMELLA Sébastien), and thesunRider, which exploits CVE-2021-40444 - This adds an exploit for CVE-2021-40444 which is a vulnerability that affects Microsoft Word. Successful exploitation results in code execution in the context of the user running Microsoft Word.
Enhancements and features
- #15854 from sjanusz-r7 - This updates the SpiderProfiles option of the scanner/smb/smb_enumshares module to work against newer SMB3 targets, such as Windows 10, Windows Server 2016, and above.
- #15888 from sjanusz-r7 - This adds anonymised database statistics to msfconsole's debug command, which helps developers track down database issues as part of user-generated error reports.
- #15929 from bcoles - This adds nine new Windows 2003 SP2 targets that the exploit/windows/smb/ms08_067_netapi module can exploit.
Bugs fixed
- #15808 from timwr - This fixes a compatibility issue with the PowerShell read_file function on Windows Server 2012 by using the old-style PowerShell syntax (New-Object).
- #15937 from adfoster-r7 - This removes usage of SortedSet to improve support for Ruby 3.
- #15939 from zeroSteiner - This fixes a bug where the Meterpreter dir/ls function would show the creation date instead of the modified date for the directory contents.
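The SortedSet removal above is worth a closer look for anyone maintaining Ruby code that is moving to Ruby 3: SortedSet was extracted from the standard "set" library in Ruby 3.0, so code that references it raises at runtime unless the separate sorted_set gem is installed. The following is an added example, not Metasploit's own code, showing how to keep the two guarantees callers usually relied on (unique elements, sorted iteration) using only the plain Set that still ships with Ruby 3. The class name OrderedUniqueSet and the sample input are constructed for this example.

```ruby
require 'set'

# Probe whether SortedSet can still be used on this interpreter. On Ruby 2.x
# it is part of 'set'; on Ruby 3.x the reference raises (RuntimeError from the
# stub in set/sorted_set.rb, or NameError) unless the sorted_set gem is present.
def sorted_set_usable?
  SortedSet.new([1])
  true
rescue StandardError
  false
end

# Drop-in replacement for the SortedSet interface a caller might have relied
# on, backed by the plain Set that still ships with Ruby 3. Elements are kept
# unique on insert and sorted only when iterated, which is what SortedSet
# guaranteed; the cost moves from insert time to read time, which is fine for
# the small collections such code usually holds.
class OrderedUniqueSet
  include Enumerable

  def initialize(items = [])
    @set = Set.new(items)
  end

  def add(item)
    @set.add(item)
    self
  end
  alias << add

  def include?(item)
    @set.include?(item)
  end

  def size
    @set.size
  end

  # Enumerable builds to_a, map, select, etc. on top of this sorted each.
  def each(&block)
    return enum_for(:each) unless block_given?
    @set.sort.each(&block)
    self
  end
end

# Constructed sample input: duplicates and unsorted order, as a caller
# collecting share names or host identifiers might produce.
def demo
  s = OrderedUniqueSet.new([3, 1, 2, 3, 1])
  s << 0
  s << 2
  s.to_a
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The probe returns true or false depending on the interpreter and installed gems, so treat it as a diagnostic rather than something to assert on; the replacement class behaves the same on every Ruby version.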
Get it
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub.
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).