关联漏洞
标题:
Microsoft Outlook 安全漏洞
(CVE-2023-23397)
描述:Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook存在安全漏洞。以下产品和版本受到影响:Microsoft Office LTSC 2021 for 32-bit editions,Microsoft Outlook 2016 (32-bit edition),Microsoft Office LTSC 2021 for 64-bit editions,Microsoft 365 Apps for Enterprise for
介绍
# CVE-2023-23397
## Description
Outlook suffers from a lack of control over the user input that allows to configure the sound of a meeting and appointment reminder. An attacker is able to force a victim to make a connection to its server without any manipulation from the user (zero click vulnerability).
An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request. The request is triggered as soon as the mail arrives in the inbox.
Most POC will automatically display the meeting, this POC saves the item for storage that can be sent later.
文件快照
[4.0K] /data/pocs/9f71f782701c8a7edcdfc7531550d2cee2448b4a
├── [ 829] poc.ps1
└── [ 624] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。