Microsoft Word OLE Security Feature Bypass

This repository is a small exploit-builder project with 4 files: a license, a README, and two Python scripts. It is not a scanner or detector; it generates malicious artifacts for a document-based exploit chain targeting CVE-2026-21514 and CVE-2026-21510. Structure and purpose: - README.md documents the intended exploit chain and experimentation notes. It describes a Protected View/SBX bypass component and an RCE component, including CLSID changes, XML/object changes, and possible DLL-to-CPL substitution. - gen_rtf.py builds exploit.rtf by inserting a UTF-16-style null-padded UNC/WebDAV path into a large hardcoded RTF/OLE blob. The embedded path is \\127.0.0.1@80/final.lnk, indicating the document is meant to cause retrieval of a remote LNK over port 80 via WebDAV-like UNC syntax. - make_lnk.py builds final.lnk from hardcoded hex templates plus a null-padded remote payload path. The referenced payload path is \\127.0.0.1\cc.dll. The script comments explicitly suggest generating the DLL with msfvenom using windows/meterpreter/reverse_tcp. Main exploit capabilities: - Generates a malicious RTF lure document. - Embeds a remote UNC/WebDAV path to a malicious LNK file. - Generates a malicious LNK that references a remote DLL payload over SMB/UNC. - Includes embedded HTML/JavaScript/ActiveX logic inside the LNK data, apparently to trigger file/URL handling and object loading behavior. - Supports straightforward operator customization by changing the hardcoded remote paths and replacing the DLL payload. Operationally, this is an exploit builder rather than a full delivery framework. The payload is basic and hardcoded, so OPERATIONAL is the best fit rather than WEAPONIZED. The code is clearly intended to achieve code execution on a vulnerable Windows/Office target by chaining remote file retrieval and DLL loading.