A Threat Allegedly Offers Microsoft Office RCE 0-day for $100,000

A threat actor has surfaced, claiming to possess Remote Code Execution (RCE) Microsoft Office zero-day exploits, presenting a significant cybersecurity concern. Offering a range of capabilities, including the execution of various file types, such as executables, Java files, PowerShell scripts, and DLLs, the actor asserts a swift payload execution time of 15 seconds to 1 minute, depending on file size and cleanliness. The exploit package includes a generator for unique hashes within documents to prolong exploit viability, along with a comprehensive kit comprising source code, a builder, vulnerability descriptions, and installation manuals. Tested and proven functional on Windows 7, 8, 10, and 11, the exploit targets vulnerable versions of Microsoft Office, spanning from 2010 to Office 365. Priced at $100,000 and payable in bitcoins or Monero, the actor guarantees technical support and demonstrates operational aspects exclusively to serious buyers.