This exploit leverages an Information Disclosure vulnerability in Microsoft WordPad. The vulnerability is associated with legacy functionality to convert an OLE 1 storage object (OLESTREAM) to the new IStorage format. By crafting a file with a malicious OLE 1 LinkedObject, an attacker can coerce authentication to an untrusted server and steal NTLM hashes. This exploit does not install an agent, it manages to obtain the NTML hash of a legitimate user.
CVE Link
Exploit Platform
Exploit Type
Product Name