Full title: Microsoft Office Word (2003/2007/2010/2013 +2016) Universal Silent 0day Exploit 
Category: local exploits
Platform: windows
Office 2016+2013+2010+2007+2003 versions are running smoothly. Combines your exe file with your word file. When word file is opened, your exe file opens quietly.

This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. Exploitation on this one is easy. We created a VM with Windows 7 fully patched and then installed Microsoft Office 2007 (no SP).

Versions that work windows 10+8+7.


# 0day.today @ http://0day.today/