CVE-2020-0674 Exploitable through Office docs. Price dropped.

[Windefender]

CVE 2020-0674 Is IE vulnerability patched in 2020 Feb. MS Office Addins use default browser IE or edge only no matter what other browsers are installed on computer. This exploit will work with MS office on below mentioned computers ....

 Windows 7 x86 Yes
Windows 8 x86 Yes
Windows 8.1 x86 Yes
Windows 10 x86 ver. > = 1903 Yes
Windows 7 x64 Yes
Windows 8 x64 Yes
Windows 8.1 x64 Yes

Windows 10 ver. <1903 / Office 365  
Windows 10 ver. > = 1903 / Office 365 ver <16.0.116291
   
   
Office 2007 to office 365 ver <16.0.11629 yes [/ CODE]

[CODE] REF :: https://docs.microsoft.com/en-us/office/dev/add-ins/concepts/browsers-used-by-office-web-add-ins

Price 25k USD, payment in BTC.

Escrow deal is welcome, you pay the fee.

Runtime bypass on AVG, Avast, Kasper, Mcaffee, Windows Defender, ESET, Avira (Other AV can check on demand)

Scantime:
A.
A.HTML file: https://avcheck.net/id/YNwpDiI5FuxD
A.
A.Doc file: https://avcheck.net/id/roPQenULGGuuS
A.
A.Payload is embedded in document.

 

[tabac]

hello. escrow, deposit? give pls your jabber

 

[Windefender]

Escrow is welcome no problem. For deposit I don't have funds. Jabber sent you in PM.

 

[dav01]

are u sure that exploit don't need any addition actions from user? just "Enable Editing" and nothing else?
as i known web extension require "allow use extension" on first run

 

[yashechka]

https://xss.pro/threads/37388/#post-227212

 

[Windefender]

[QUOTE = "yashechka, post: 227216, member: 136806"]
[URL unfurl = "true"] https://xss.pro/threads/37388/#post-227212 [/ URL]
[/ QUOTE]


The POC in question is

 For free posting - https://github.com/maxpl0it/CVE-2020-0674-Exploit

This POC only works on windows 7 and only x64. What I am selling is not a Proof of concept but fully weaponized working exploit. With major AV bypassed on runtime.

Windows 7 x86 Yes
Windows 8 x86 Yes
Windows 8.1 x86 Yes
Windows 10 x86 ver. > = 1903 Yes
Windows 7 x64 Yes
Windows 8 x64 Yes
Windows 8.1 x64 Yes

Windows 10 ver. <1903 / Office 365
Windows 10 ver. > = 1903 / Office 365 ver <16.0.116291


Office 2007 to office 365 ver <16.0.11629 yes

 

[Windefender]

Please before posting and trashing sales thread, read properly. And if moderator wants to test the exploit most welcome.

 

[Windefender]

Still selling. FUD....

 

[Windefender]

The price is dropped to 12k. The exploit was patched in Feb 2020, now it is October so there is decrease in price.

 

[RobTegg]

i see plenty sellers of such product not even one provide the test in the putty it is sad when seller serious write me for the test