
thom-s / Docx Embeddedhtml Injection

Licence: unlicense
Word 2016 vulnerability allows injecting HTML/JS code into a docx file's embeddedHTML="" tags.


docx-embeddedhtml-injection

Researchers at Cymulate found a vulnerability in Microsoft Word documents with an embedded video player. This vulnerability lets anyone inject HTML code in place of the expected YouTube iframe.

This PowerShell script exploits this known vulnerability in documents with embedded online videos by injecting them with HTML code, replacing the values of all pre-existing embeddedHtml tags. Microsoft Word will execute any HTML you inject. Here's an example:

[Image: xml_docx_example]

The process to inject the HTML code can be somewhat tedious. This script attempts to automate this process.

How to use

Prerequisites

You will need a Word document with at least one online video. To add an online video to a Word document, go to Insert > Online Video and search for a video. If you have any issues, refer to the official Microsoft documentation.

This script was made using PowerShell 5.1, so you will need PowerShell version 5.1 or a newer version.

To use this function in the PowerShell terminal, you can simply dot source it from the terminal:

PS C:\> . C:\scripts\docx-embedded-html.ps1

PS C:\> Inject-Docx -Path "C:\This\Is\A\test.docx" -HtmlBlock "<h3>Test</h3>"

To use this function in a script, you will need to dot source it in the script:

. C:\scripts\docx-embedded-html.ps1

Function

Here's how the function works:

Inject-Docx -Path "C:\This\Is\A\test.docx" -HtmlBlock "<h3>Test</h3>" -DestinationName "destination.docx"

-Path is the path of the original document.

-HtmlBlock is the HTML block to be injected.

-DestinationName is the file name of the final document. This parameter is optional (default is "output.docx").

Vulnerability mitigation

Currently, the only way to mitigate this vulnerability is to block Word documents containing embedded video. Microsoft has not acknowledged this as being a vulnerability, and seems to have no plan to fix it. Here is the official response from Jeff Jones, senior director at Microsoft:

“The product is properly interpreting html as designed — working in the same manner as similar products.”

Source
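
One way to enforce the mitigation above at a mail or upload gateway, as an added Python example that is not part of the original project: it lists every embeddedHtml attribute in a .docx package and reports whether each value is a single iframe, the form the page describes as expected. The size cap, function names and sample documents are assumptions made for this example.

```python
import html
import io
import re
import zipfile

MAX_PART_BYTES = 20 * 1024 * 1024  # assumed per-part cap; oversized parts fail closed
# The attribute name comes from the page; matched case-insensitively, either quote style.
ATTR = re.compile(rb"""embeddedHtml\s*=\s*(["'])(.*?)\1""", re.I | re.S)
# The page says Word expects a YouTube iframe here; anything else is a replaced value.
PLAIN_IFRAME = re.compile(r"<iframe\b[^<>]*>\s*</iframe>", re.I)


def scan_docx(data: bytes) -> list[dict]:
    """Return one finding per embeddedHtml attribute in the package's XML parts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            if info.file_size > MAX_PART_BYTES:
                # Not inspected: report it so the caller blocks rather than passes.
                findings.append({"part": info.filename, "value": None, "plain_iframe": False})
                continue
            for m in ATTR.finditer(pkg.read(info)):
                # The value is XML-escaped inside the attribute; decode it for review.
                value = html.unescape(m.group(2).decode("utf-8", "replace")).strip()
                findings.append({
                    "part": info.filename,
                    "value": value,
                    "plain_iframe": bool(PLAIN_IFRAME.fullmatch(value)),
                })
    return findings


def should_block(data: bytes) -> bool:
    """The page's mitigation: block any document that carries embedded video HTML."""
    return bool(scan_docx(data))


def make_sample(embedded: str) -> bytes:
    """Build a constructed, minimal ZIP with word/document.xml (not a valid Word file)."""
    xml = ('<w:document xmlns:w="urn:example"><vid embeddedHtml="%s"/></w:document>'
           % html.escape(embedded, quote=True))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", xml)
    return buf.getvalue()
```

The `plain_iframe` field is for triage only: a document is blocked whenever any finding exists, since an iframe can itself point anywhere.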
