Microsoft Office Exploits: CVE-2015-2520 and CVE-2015-2523
So I had Word opened and Microsoft AutoUpdate ran and I saw that there were updates to install. Being curious as I was, I went to the link listed about the "security update" and saw that there were exploits that allowed for the possibility of remote code execution in various versions of Excel. To see the table showing which are exploitable, check this link out. That is where I also found the two CVE numbers that were associated with the version of Excel that I'm running: Excel 2016 for Mac. I went to exploit-db.com to check out the CVE's listed: CVE-2015-2520 and CVE-2015-2523. Being the curious type I am, I downloaded the linked files and saw that they were excel files. Tried opening them, but Excel just warned me saying that they were corrupt or that there may be some missing data; no crashes. I'm still pretty new to this world but I'm wondering, does that just mean that my Excel is vulnerable but requires a different approach than what was done with the sample on db-exploit? Or does it just mean that it could be OS specific (I'm running OS X 10.11 which has added a lot of extra security features)? I'm also wondering how an exploit like this is made, is this something you can do with a hex editor? And how might you take something like this and insert a payload?