An information security specialist wrote a PoC exploit for a critical vulnerability in Microsoft Word in a single tweet

    The expert shortened the code to 140 characters to draw more administrators' attention to the problem.

    Researcher and information security expert Joshua Drake tweeted a PoC exploit code for a critical RCE vulnerability in Microsoft Word.

    The RCE vulnerability CVE-2023-21716, fixed in February, allows an attacker to achieve remote code execution without prior authentication: a hacker can simply send a malicious RTF file to the victim by email.

    Drake was the first to discover the vulnerability, which is in the "wwlib.dll" library of the Office suite, and described it in a detailed report to Microsoft.

    According to Drake's report, the pre-February 2023 version of the RTF parser in Microsoft Word had a heap corruption bug that could be triggered "when working with a font table (\fonttbl) containing an excessive number of fonts (\f###)".

    In this case, after the heap corruption was triggered, additional memory processing took place, and an attacker could use this to execute arbitrary code on the system by crafting the necessary heap layout.

    The full version of the exploit consisted of 10 lines of code, including comments. To get as many system administrators as possible to pay attention to the problem and fix vulnerable systems, the researcher reduced the exploit code to a single tweet.

    Experts in the field have posted a tool on GitHub that detects attempts to use Drake's exploit against unpatched systems.
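As an added example (not code from Drake's report or from the GitHub tool mentioned above), this Python check counts `\f###` entries inside an RTF file's `\fonttbl` group and flags files that exceed a limit, which is the condition the report describes. The limit `MAX_FONTS`, the function names and the sample document are assumptions constructed for illustration; the article gives no exact threshold.

```python
import re

# Assumed, tunable limit: the article says only "an excessive number of fonts".
MAX_FONTS = 1000
# \f followed directly by digits is a font number; \froman, \fcharset0 etc. do not match.
FONT_ID = re.compile(rb"\\f(\d+)")

def fonttbl_groups(data: bytes):
    """Yield the bytes of each \\fonttbl group, tracking brace nesting."""
    start = 0
    while (pos := data.find(rb"\fonttbl", start)) != -1:
        depth, i = 1, pos            # the group's opening brace precedes \fonttbl
        while i < len(data) and depth > 0:
            ch = data[i:i + 1]
            if ch == b"\\":          # skip control-word start or escaped \{ \} \\
                i += 2
                continue
            if ch == b"{":
                depth += 1
            elif ch == b"}":
                depth -= 1
            i += 1
        yield data[pos:i]            # a truncated file yields what is present
        start = i

def scan_rtf(data: bytes, max_fonts: int = MAX_FONTS) -> dict:
    """Count font entries declared in font tables and flag excessive counts."""
    entries = sum(len(FONT_ID.findall(g)) for g in fonttbl_groups(data))
    return {
        "looks_like_rtf": data.lstrip().startswith(rb"{\rtf"),
        "font_entries": entries,
        "suspicious": entries > max_fonts,
    }

# Constructed benign sample: two fonts in the table, one \f0 use in the body.
SAMPLE = (rb"{\rtf1\ansi{\fonttbl{\f0\froman\fcharset0 Times New Roman;}"
          rb"{\f1\fswiss\fcharset0 Arial;}}\f0 Hello}")

if __name__ == "__main__":
    print(scan_rtf(SAMPLE))
```

Only entries inside the font table are counted, so ordinary `\f0` font switches in the document body do not inflate the result.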

    Author DeepWeb