DDE Code Execution in MS Word Patched?

Home Forums DDE Code Execution in MS Word Patched?

This topic contains 0 replies, has 1 voice, and was last updated by  BrianMiz 3 weeks, 5 days ago.

  • Author
    Posts
  • #123622

    BrianMiz
    Member

    So I’m trying to get a payload working with the new-ish DDE code execution in Microsoft Word, as discussed in the following blog post:

    https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

    I’m 99.9% sure I’m doing everything in this post to the letter, working on a current version of Windows 10 and Microsoft Word. However, I can’t even get calc.exe to execute as shown in the post. The first prompt as shown in the blog does appear, asking me if I want to load data from other locations. I click “yes”, and then nothing happens. No second prompt, no code execution, no nothing.

    I’ve tried googling around, but if Microsoft has patched this vulnerability I can find no evidence of it online. From what I can tell they consider it a “feature”.

    What am I doing wrong? This is what my formula field contains:

    {DDEAUTO c:\windows\system32\cmd.exe “/k calc.exe”}

You must be logged in to reply to this topic.