cve/2017/CVE-2017-0199.md

### [CVE-2017-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0199)
![](https://img.shields.io/static/v1?label=Product&message=Office%2FWordPad&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)

### Description

Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."

### POC

#### Reference
- http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html
- https://www.exploit-db.com/exploits/41894/
- https://www.exploit-db.com/exploits/41934/
- https://www.exploit-db.com/exploits/42995/

#### Github
- https://github.com/00xtrace/Red-Team-Ops-Toolbox
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xdeadgeek/Red-Teaming-Toolkit
- https://github.com/0xh4di/Red-Teaming-Toolkit
- https://github.com/0xp4nda/Red-Teaming-Toolkit
- https://github.com/0xsyr0/OSCP
- https://github.com/15866095848/15866095848
- https://github.com/1o24er/RedTeam
- https://github.com/20142995/sectool
- https://github.com/2lambda123/m0chan-Red-Teaming-Toolkit
- https://github.com/3m1za4/100-Best-Free-Red-Team-Tools-
- https://github.com/6R1M-5H3PH3RD/Red_Teaming_Tool_Kit
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Adastra-thw/KrakenRdi
- https://github.com/Advisory-Emulations/APT-37
- https://github.com/Al1ex/APT-GUID
- https://github.com/Al1ex/Red-Team
- https://github.com/Amar224/Pentest-Tools
- https://github.com/AnonVulc/Pentest-Tools
- https://github.com/Apri1y/Red-Team-links
- https://github.com/AzyzChayeb/Redteam
- https://github.com/BRAINIAC22/CVE-2017-0199
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChennaCSP/APT37-Emulation-plan
- https://github.com/ChoeMinji/aaaaaaaaaaa
- https://github.com/CyberSecurityUP/Adversary-Emulation-Matrix
- https://github.com/DebianDave/Research_Topics
- https://github.com/DrVilepis/cyber-apocalypse-drvilepis
- https://github.com/Echocipher/Resource-list
- https://github.com/Exploit-install/CVE-2017-0199
- https://github.com/Fa1c0n35/Red-Teaming-Toolkit
- https://github.com/FlatL1neAPT/MS-Office
- https://github.com/GhostTroops/TOP
- https://github.com/H1CH444MREB0RN/PenTest-free-tools
- https://github.com/HildeTeamTNT/Red-Teaming-Toolkit
- https://github.com/ImranTheThirdEye/AD-Pentesting-Tools
- https://github.com/JERRY123S/all-poc
- https://github.com/Laud22/RedTips
- https://github.com/Loveforkeeps/Lemon-Duck
- https://github.com/Ly0nt4r/OSCP
- https://github.com/Lynk4/Windows-Server-2008-VAPT
- https://github.com/Mal-lol-git/URL-Parser
- https://github.com/Mehedi-Babu/pentest_tools_repo
- https://github.com/Micr067/Pentest_Note
- https://github.com/Mrnmap/RedTeam
- https://github.com/Nacromencer/cve2017-0199-in-python
- https://github.com/NotAwful/CVE-2017-0199-Fix
- https://github.com/Ondrik8/RED-Team
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PWN-Kingdom/Test_Tasks
- https://github.com/Panopticon-Project/Panopticon-Patchwork
- https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups
- https://github.com/Phantomlancer123/CVE-2017-0199
- https://github.com/R0B1NL1N/APTnotes
- https://github.com/RxXwx3x/Redteam
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Soldie/Red-Team-Tool-Kit---Shr3dKit
- https://github.com/Sunqiz/CVE-2017-0199-reprofuction
- https://github.com/SwordSheath/CVE-2017-8570
- https://github.com/SyFi/cve-2017-0199
- https://github.com/Th3k33n/RedTeam
- https://github.com/TheCyberWatchers/CVE-2017-0199-v5.0
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/Winter3un/cve_2017_0199
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/Ygodsec/-
- https://github.com/allwinnoah/CyberSecurity-Tools
- https://github.com/andr6/awesome-stars
- https://github.com/arcangel2308/Shr3dit
- https://github.com/atesemre/Red-Teaming-tools
- https://github.com/bakedmuffinman/Neo23x0-sysmon-config
- https://github.com/bhdresh/CVE-2017-0199
- https://github.com/blockchainguard/blockchainhacked
- https://github.com/bloomer1016/2017-11-17-Maldoc-Using-CVE-2017-0199
- https://github.com/cone4/AOT
- https://github.com/coolx28/Red-Team-tips
- https://github.com/cunyterg/oletools
- https://github.com/cunyterg/python-oletools
- https://github.com/cyb3rpeace/oletools
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/czq945659538/-study
- https://github.com/dark-vex/CVE-PoC-collection
- https://github.com/davidemily/Research_Topics
- https://github.com/decalage2/oletools
- https://github.com/deepinstinct/Israel-Cyber-Warfare-Threat-Actors
- https://github.com/devmehedi101/Red-Teaming-documentation
- https://github.com/dk47os3r/hongduiziliao
- https://github.com/e-hakson/OSCP
- https://github.com/elinakrmova/RedTeam-Tools
- https://github.com/eljosep/OSCP-Guide
- https://github.com/emtee40/win-pentest-tools
- https://github.com/fideliscyber/yalda
- https://github.com/geeksniper/Red-team-toolkit
- https://github.com/gold1029/Red-Teaming-Toolkit
- https://github.com/gyaansastra/Red-Team-Toolkit
- https://github.com/hack-parthsharma/Pentest-Tools
- https://github.com/haibara3839/CVE-2017-0199-master
- https://github.com/hasee2018/Safety-net-information
- https://github.com/herbiezimmerman/2017-11-17-Maldoc-Using-CVE-2017-0199
- https://github.com/highmeh/cvesearch
- https://github.com/hktalent/TOP
- https://github.com/houjingyi233/office-exploit-case-study
- https://github.com/hudunkey/Red-Team-links
- https://github.com/hurih-kamindo22/olltools
- https://github.com/hurih-kamindo22/olltools1
- https://github.com/jacobsoo/RTF-Cleaner
- https://github.com/jared1981/More-Pentest-Tools
- https://github.com/jbmihoub/all-poc
- https://github.com/jnadvid/RedTeamTools
- https://github.com/john-80/-007
- https://github.com/kbandla/APTnotes
- https://github.com/kdandy/pentest_tools
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kimreq/red-team
- https://github.com/kn0wm4d/htattack
- https://github.com/landscape2024/RedTeam
- https://github.com/likescam/CVE-2017-0199
- https://github.com/likescam/Red-Teaming-Toolkit
- https://github.com/likescam/Red-Teaming-Toolkit_all_pentests
- https://github.com/lnick2023/nicenice
- https://github.com/lp008/Hack-readme
- https://github.com/merlinepedra/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools
- https://github.com/merlinepedra25/Pentest-Tools-1
- https://github.com/misteri2/olltools
- https://github.com/misteri2/olltools1
- https://github.com/mooneee/Red-Teaming-Toolkit
- https://github.com/mrinconroldan/red-teaming-toolkit
- https://github.com/mucahittopal/Pentesting-Pratic-Notes
- https://github.com/mzakyz666/PoC-CVE-2017-0199
- https://github.com/n1shant-sinha/CVE-2017-0199
- https://github.com/nccgroup/CVE-2017-8759
- https://github.com/ngadminq/Bei-Gai-penetration-test-guide
- https://github.com/nhthongDfVn/File-Converter-Exploit
- https://github.com/nicpenning/RTF-Cleaner
- https://github.com/nitishbadole/Pentest_Tools
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nitishbadole/pentesting_Notes
- https://github.com/nixawk/labs
- https://github.com/nobiusmallyu/kehai
- https://github.com/oneplus-x/MS17-010
- https://github.com/oscpname/OSCP_cheat
- https://github.com/papa-anniekey/CustomSignatures
- https://github.com/pathakabhi24/Pentest-Tools
- https://github.com/pjgmonteiro/Pentest-tools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/qiantu88/office-cve
- https://github.com/r0eXpeR/supplier
- https://github.com/r0r0x-xx/Red-Team-OPS-Modern-Adversary
- https://github.com/r3p3r/yeyintminthuhtut-Awesome-Red-Teaming
- https://github.com/realCheesyQuesadilla/Research_Topics
- https://github.com/retr0-13/Pentest-Tools
- https://github.com/revanmalang/OSCP
- https://github.com/rosetscmite/logsender
- https://github.com/ryhanson/CVE-2017-0199
- https://github.com/sUbc0ol/Microsoft-Word-CVE-2017-0199-
- https://github.com/scriptsboy/Red-Teaming-Toolkit
- https://github.com/sec00/AwesomeExploits
- https://github.com/seclib/oletools
- https://github.com/securi3ytalent/Red-Teaming-documentation
- https://github.com/severnake/Pentest-Tools
- https://github.com/shr3ddersec/Shr3dKit
- https://github.com/slimdaddy/RedTeam
- https://github.com/stealth-ronin/CVE-2017-0199-PY-KIT
- https://github.com/sv3nbeast/Attack-Notes
- https://github.com/svbjdbk123/-
- https://github.com/t31m0/Red-Teaming-Toolkit
- https://github.com/theyoge/AD-Pentesting-Tools
- https://github.com/thezimtex/red-team
- https://github.com/tib36/PhishingBook
- https://github.com/to-be-the-one/weaponry
- https://github.com/triw0lf/Security-Matters-22
- https://github.com/twensoo/PersistentThreat
- https://github.com/txuswashere/OSCP
- https://github.com/unusualwork/red-team-tools
- https://github.com/viethdgit/CVE-2017-0199
- https://github.com/vysecurity/RedTips
- https://github.com/wddadk/Phishing-campaigns
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/Red-teaming
- https://github.com/wwong99/hongdui
- https://github.com/x86trace/Red-Team-Ops-Toolbox
- https://github.com/xbl3/Red-Teaming-Toolkit_infosecn1nja
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xhref/OSCP
- https://github.com/xiaoZ-hc/redtool
- https://github.com/xiaoy-sec/Pentest_Note
- https://github.com/yut0u/RedTeam-BlackBox
- https://github.com/zhang040723/web