CVE-2017-11882
CVE-2017-11882: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882
MITRE CVE-2017-11882: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11882
Research: https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
Patch analysis: https://0patch.blogspot.ru/2017/11/did-microsoft-just-manually-patch-their.html
CVE-2018-0802
CVE-2018-0802: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802
Research: https://research.checkpoint.com/another-office-equation-rce-vulnerability/
Usage
usage: RTF_11882_0802.py [-h] -c COMMAND -o OUTPUT [-i INPUT]
PoC for CVE-2010-0802 And CVE-2017-11882
optional arguments:
-h, --help show this help message and exit
-c COMMAND, --command COMMAND
Command run in target system
-o OUTPUT, --output OUTPUT
Output exploit rtf
-i INPUT, --input INPUT
Input normal rtf.