So in the last post, we discussed how to insert your own payload by reversing a malware sample. Here, we are going to discuss how to execute an Office 2007 exploit on Office 2010.In order to complete this exercise, we will use the same exploit as in the last post, and by taking all the code from the last exploit, we will proceed ahead.
We will also have to bypass DEP (Data Execution Prevention) since in Office 2010, DEP is enabled by default. I hope you’re familiar with DEP, but if not, here’s a brief description:
“Data Execution Prevention (DEP) is a security feature included in modern operating systems. It is known to be available in Linux, Mac OS X, iOS, Microsoft Windows and Android operating systems and is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow.“
Anyway, don’t worry and don’t get confused. I will explain each and every line in detail so that by the end of this contribution, you will be well aware of how to run the exploit.
read more.............http://resources.infosecinstitute.com/executing-office-2007-exploit-on-office-2010/?goback=%2Egmp_970937%2Egde_970937_member_209331467