├── CVE-2012-0158&CVE-2012-1856 ├── CVE-2012-0158 │ ├── 09700a4d4979dfb98ce3a04db59efd8d522d5f06bee756af767dc94519a604fd.bin.gz │ └── README.md ├── CVE-2012-1856 │ ├── 76021e5a95a666f468dc7ea99e5a49e5d42b82bc37e9e9a4338b24155ed4451a.bin.gz │ ├── CVE-2012-1856分析报告.pdf │ └── README.md ├── MSCOMCTL_2007.OCX ├── README.md └── mscomctl_2007.dbg ├── CVE-2013-3906 ├── 0639c38a0a563284cd96b3cd4caddc09263d6891c79c4241d98abb3fcea32c27.bin.gz └── README.md ├── CVE-2014-1761 ├── README.md └── e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.bin.gz ├── CVE-2014-4114&CVE-2014-6352 ├── 70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf.bin.gz ├── README.md └── e99f089bf209d5caea948f424881cbf6652658b973a5b97dbb59db6e03e8c907.bin.gz ├── CVE-2015-0097 ├── Create-Recordset.hta ├── POC-Generator.vbs ├── README.md ├── Readme + Instructions.rtf └── poc.bin ├── CVE-2015-1641 ├── 8bb066160763ba4a0b65ae86d3cfedff8102e2eacbf4e83812ea76ea5ab61a31.bin.gz └── README.md ├── CVE-2015-2545 ├── 3a65d4b3bc18352675cd02154ffb388035463089d59aad36cadb1646f3a3b0fc.bin.gz └── README.md ├── CVE-2016-7193 ├── 00bc76898f07f18122f386b890d79c9338d223a5b5c89213a4bbf1040bccfa28.bin.gz └── README.md ├── CVE-2017-0199&CVE-2017-8570 └── README.md ├── CVE-2017-0261&CVE-2017-0262 ├── 6785e29698444243677300db6a0c519909ae9e620d575e76d9be4862b33ed490.bin.gz ├── 91acb0d56771af0196e34ac95194b3d0bf3200bc5f6208caf3a91286958876f9.bin.gz ├── README.md └── ef783cc3c4e1e0649b4629f3396cff4c0e0e0e67c07cacb8a9ae7c0cfa16bf0c.bin.gz ├── CVE-2017-11826 ├── README.md └── aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3.bin.gz ├── CVE-2017-11882&CVE-2018-0802&CVE-2018-0798 ├── 25a473ec43acfe80182d3fd6cd9cf87ac362a18b78a554bf1dda8d9dc05bee08.bin.gz ├── README.md ├── cve-2018-0802 poc with aslr-bypass.rtf └── cve-2018-0802 poc with comments.rtf ├── CVE-2017-8759 ├── 0b4ef455e385b750d9f90749f1467eaf00e46e8d6c2885c260e1b78211a51684.bin.gz └── README.md ├── README.md └── papers ├── Attacking Interoperability-An OLE Edition.pdf ├── Moniker Magic-Running Scripts Directly in Microsoft Office.pdf ├── OLE object are still dangerous today-Exploiting Microsoft Office.pdf └── Persisting with Microsoft Office-Abusing Extensibility Options.pdf /CVE-2012-0158&CVE-2012-1856/CVE-2012-0158/09700a4d4979dfb98ce3a04db59efd8d522d5f06bee756af767dc94519a604fd.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/CVE-2012-0158/09700a4d4979dfb98ce3a04db59efd8d522d5f06bee756af767dc94519a604fd.bin.gz -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/CVE-2012-0158/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/CVE-2012-0158/README.md -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/CVE-2012-1856/76021e5a95a666f468dc7ea99e5a49e5d42b82bc37e9e9a4338b24155ed4451a.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/CVE-2012-1856/76021e5a95a666f468dc7ea99e5a49e5d42b82bc37e9e9a4338b24155ed4451a.bin.gz -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/CVE-2012-1856/CVE-2012-1856分析报告.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/CVE-2012-1856/CVE-2012-1856分析报告.pdf -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/CVE-2012-1856/README.md: -------------------------------------------------------------------------------- 1 | I wrote an analysis myself:[CVE-2012-1856 Office ActiveX控件MSCOMCTL.OCX UAF漏洞分析](https://bbs.kanxue.com/thread-223844.htm). 2 | -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/MSCOMCTL_2007.OCX: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/MSCOMCTL_2007.OCX -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/README.md -------------------------------------------------------------------------------- /CVE-2012-0158&CVE-2012-1856/mscomctl_2007.dbg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2012-0158&CVE-2012-1856/mscomctl_2007.dbg -------------------------------------------------------------------------------- /CVE-2013-3906/0639c38a0a563284cd96b3cd4caddc09263d6891c79c4241d98abb3fcea32c27.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2013-3906/0639c38a0a563284cd96b3cd4caddc09263d6891c79c4241d98abb3fcea32c27.bin.gz -------------------------------------------------------------------------------- /CVE-2013-3906/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2013-3906/README.md -------------------------------------------------------------------------------- /CVE-2014-1761/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2014-1761/README.md -------------------------------------------------------------------------------- /CVE-2014-1761/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2014-1761/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a.bin.gz -------------------------------------------------------------------------------- /CVE-2014-4114&CVE-2014-6352/70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2014-4114&CVE-2014-6352/70b8d220469c8071029795d32ea91829f683e3fbbaa8b978a31a0974daee8aaf.bin.gz -------------------------------------------------------------------------------- /CVE-2014-4114&CVE-2014-6352/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2014-4114&CVE-2014-6352/README.md -------------------------------------------------------------------------------- /CVE-2014-4114&CVE-2014-6352/e99f089bf209d5caea948f424881cbf6652658b973a5b97dbb59db6e03e8c907.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2014-4114&CVE-2014-6352/e99f089bf209d5caea948f424881cbf6652658b973a5b97dbb59db6e03e8c907.bin.gz -------------------------------------------------------------------------------- /CVE-2015-0097/Create-Recordset.hta: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-0097/Create-Recordset.hta -------------------------------------------------------------------------------- /CVE-2015-0097/POC-Generator.vbs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-0097/POC-Generator.vbs -------------------------------------------------------------------------------- /CVE-2015-0097/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-0097/README.md -------------------------------------------------------------------------------- /CVE-2015-0097/Readme + Instructions.rtf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-0097/Readme + Instructions.rtf -------------------------------------------------------------------------------- /CVE-2015-0097/poc.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-0097/poc.bin -------------------------------------------------------------------------------- /CVE-2015-1641/8bb066160763ba4a0b65ae86d3cfedff8102e2eacbf4e83812ea76ea5ab61a31.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-1641/8bb066160763ba4a0b65ae86d3cfedff8102e2eacbf4e83812ea76ea5ab61a31.bin.gz -------------------------------------------------------------------------------- /CVE-2015-1641/README.md: -------------------------------------------------------------------------------- 1 | reference:[CVE-2015-1641 Word 利用样本分析](https://paper.seebug.org/351/) 2 | -------------------------------------------------------------------------------- /CVE-2015-2545/3a65d4b3bc18352675cd02154ffb388035463089d59aad36cadb1646f3a3b0fc.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2015-2545/3a65d4b3bc18352675cd02154ffb388035463089d59aad36cadb1646f3a3b0fc.bin.gz -------------------------------------------------------------------------------- /CVE-2015-2545/README.md: -------------------------------------------------------------------------------- 1 | reference:[CVE-2015-2545 Word 利用样本分析](https://paper.seebug.org/368/) 2 | -------------------------------------------------------------------------------- /CVE-2016-7193/00bc76898f07f18122f386b890d79c9338d223a5b5c89213a4bbf1040bccfa28.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2016-7193/00bc76898f07f18122f386b890d79c9338d223a5b5c89213a4bbf1040bccfa28.bin.gz -------------------------------------------------------------------------------- /CVE-2016-7193/README.md: -------------------------------------------------------------------------------- 1 | reference:[APT 攻击利器-Word 漏洞 CVE-2016-7193 原理揭秘](https://paper.seebug.org/288/) 2 | -------------------------------------------------------------------------------- /CVE-2017-0199&CVE-2017-8570/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-0199&CVE-2017-8570/README.md -------------------------------------------------------------------------------- /CVE-2017-0261&CVE-2017-0262/6785e29698444243677300db6a0c519909ae9e620d575e76d9be4862b33ed490.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-0261&CVE-2017-0262/6785e29698444243677300db6a0c519909ae9e620d575e76d9be4862b33ed490.bin.gz -------------------------------------------------------------------------------- /CVE-2017-0261&CVE-2017-0262/91acb0d56771af0196e34ac95194b3d0bf3200bc5f6208caf3a91286958876f9.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-0261&CVE-2017-0262/91acb0d56771af0196e34ac95194b3d0bf3200bc5f6208caf3a91286958876f9.bin.gz -------------------------------------------------------------------------------- /CVE-2017-0261&CVE-2017-0262/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-0261&CVE-2017-0262/README.md -------------------------------------------------------------------------------- /CVE-2017-0261&CVE-2017-0262/ef783cc3c4e1e0649b4629f3396cff4c0e0e0e67c07cacb8a9ae7c0cfa16bf0c.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-0261&CVE-2017-0262/ef783cc3c4e1e0649b4629f3396cff4c0e0e0e67c07cacb8a9ae7c0cfa16bf0c.bin.gz -------------------------------------------------------------------------------- /CVE-2017-11826/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11826/README.md -------------------------------------------------------------------------------- /CVE-2017-11826/aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11826/aed93c002574f25dabd1859f080203a2c8f332e92c80db9aa983316695d938d3.bin.gz -------------------------------------------------------------------------------- /CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/25a473ec43acfe80182d3fd6cd9cf87ac362a18b78a554bf1dda8d9dc05bee08.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/25a473ec43acfe80182d3fd6cd9cf87ac362a18b78a554bf1dda8d9dc05bee08.bin.gz -------------------------------------------------------------------------------- /CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/README.md -------------------------------------------------------------------------------- /CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/cve-2018-0802 poc with aslr-bypass.rtf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/cve-2018-0802 poc with aslr-bypass.rtf -------------------------------------------------------------------------------- /CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/cve-2018-0802 poc with comments.rtf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-11882&CVE-2018-0802&CVE-2018-0798/cve-2018-0802 poc with comments.rtf -------------------------------------------------------------------------------- /CVE-2017-8759/0b4ef455e385b750d9f90749f1467eaf00e46e8d6c2885c260e1b78211a51684.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-8759/0b4ef455e385b750d9f90749f1467eaf00e46e8d6c2885c260e1b78211a51684.bin.gz -------------------------------------------------------------------------------- /CVE-2017-8759/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/CVE-2017-8759/README.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/README.md -------------------------------------------------------------------------------- /papers/Attacking Interoperability-An OLE Edition.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/papers/Attacking Interoperability-An OLE Edition.pdf -------------------------------------------------------------------------------- /papers/Moniker Magic-Running Scripts Directly in Microsoft Office.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/papers/Moniker Magic-Running Scripts Directly in Microsoft Office.pdf -------------------------------------------------------------------------------- /papers/OLE object are still dangerous today-Exploiting Microsoft Office.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/papers/OLE object are still dangerous today-Exploiting Microsoft Office.pdf -------------------------------------------------------------------------------- /papers/Persisting with Microsoft Office-Abusing Extensibility Options.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/houjingyi233/office-exploit-case-study/HEAD/papers/Persisting with Microsoft Office-Abusing Extensibility Options.pdf --------------------------------------------------------------------------------