Vulnerability & Exploit Database

Back to search

Office OLE Multiple DLL Side Loading Vulnerabilities

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable object Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/fileformat/office_ole_multiple_dll_hijack

Authors

  • Yorick Koster

References

Targets

  • All
  • COM+ Services / Windows Vista - 10 / Office 2007 - 2016 (MS15-132)
  • Shockwave Flash Object / Windows 10 / Office 2013 (APSB15-28)
  • Windows Authentication UI / Windows 10 / Office 2013 - 2016 (MS15-132)
  • Shutdown UX / Windows 10 / Office 2016 (MS15-132)
  • MapUpdateTask Tasks / Windows 10 / Office 2016 (MS16-014)
  • Microsoft Visio 2010 / Windows 7 (MS16-070)
  • Event Viewer Snapin / Windows Vista - 7 / Office 2007 - 2013 (MS15-132)
  • OLE DB Provider for Oracle / Windows Vista - 7 / Office 2007 - 2013 (MS16-014)
  • Windows Mail Find People / Windows Vista / Office 2010 (MS16-025)
  • NPS Datastore server / Windows Vista / Office 2010 (MS16-014)
  • BDA MPEG2 Transport Information Filter / Windows Vista / Office 2010 (MS16-014)

Platforms

  • windows

Architectures

  • x86
  • x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/fileformat/office_ole_multiple_dll_hijack msf exploit(office_ole_multiple_dll_hijack) > show targets ...targets... msf exploit(office_ole_multiple_dll_hijack) > set TARGET <target-id> msf exploit(office_ole_multiple_dll_hijack) > show options ...show and set options... msf exploit(office_ole_multiple_dll_hijack) > exploit

Related Vulnerabilities