Vulnerability & Exploit Database

Back to search

Microsoft Office Word Malicious Hta Execution

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a http(s) request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in Oct 2016. This module was created by reversing a public malware sample.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name



  • Haifei Li
  • ryHanson
  • wdormann
  • DidierStevens
  • vysec
  • Nixawk
  • sinn3r <sinn3r [at]>



  • Microsoft Office Word


  • windows



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/fileformat/office_word_hta msf exploit(office_word_hta) > show targets ...targets... msf exploit(office_word_hta) > set TARGET <target-id> msf exploit(office_word_hta) > show options and set options... msf exploit(office_word_hta) > exploit

Related Vulnerabilities