
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC


dEEpEst


Description

This script presents a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS of 9.8. Termed the #MonikerLink bug, this vulnerability has far-reaching implications, including the potential leakage of local NTLM information and the possibility of remote code execution. Moreover, it highlights an attack vector that could bypass Office Protected View, thereby extending its threat to other Office applications.

 

Usage

Use this tool responsibly and ensure you have authorization from the target system's owner. This script requires SMTP authentication to send an email, bypassing SPF, DKIM, and DMARC checks, which helps in simulating a real-world attack scenario more effectively.

This is the hidden content, please

 

Parameters:

  • --server: SMTP server hostname or IP.
  • --port: SMTP server port.
  • --username: SMTP server username for authentication.
  • --password: SMTP server password for authentication.
  • --sender: Sender email address.
  • --recipient: Recipient email address.
  • --url: Malicious path to include in the email.
  • --subject: Email subject.

 

Initial Sending

This is the hidden content, please

Display in Outlook (no warnings, no Protected view)

This is the hidden content, please

Wireshark capture including NTLM credentials (you can also run impacket, alternatively)

This is the hidden content, please

 

Why SMTP Authentication?

SMTP authentication is crucial for this demonstration to ensure the email sent bypasses common email validation checks such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). These security measures are designed to detect and prevent email spoofing, where attackers send emails from a forged address. By using authenticated SMTP, the demonstration closely mimics how a sophisticated attacker might circumvent these protections, making the testing environment more realistic and highlighting the importance of comprehensive email security practices.

 

Download 

This is the hidden content, please
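
A defender-side check for the point made under "Why SMTP Authentication?": a message that passes SPF, DKIM and DMARC can still carry a link to a remote file path, so the body has to be inspected as well. This is an added example, not part of the original post or the PoC; the sample message, the hostnames and the function names are constructed for illustration, and quarantining every `file:` or UNC link is an assumed policy.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Link targets that make a mail client open a file path: file: URLs and UNC paths.
REMOTE_FILE = re.compile(r"^\s*(file:|\\\\)", re.IGNORECASE)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

# Constructed sample: authenticated mail that passes all three sender checks.
SAMPLE = (
    b"Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;"
    b" dkim=pass header.d=example.org; dmarc=pass header.from=example.org\r\n"
    b"From: sender@example.org\r\nTo: user@example.net\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n\r\n"
    b'<p><a href="https://example.org/report">report</a> '
    b'<a href="file://fileserver.example/share/notes.txt">notes</a></p>\r\n'
)

class LinkCollector(HTMLParser):
    """Collects every href/src attribute value in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def auth_results(raw):
    """Return the SPF/DKIM/DMARC verdicts recorded by the receiving server."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower() for k, v in AUTH_RESULT.findall(header)}

def remote_file_links(raw):
    """Return link targets in HTML parts that point at file: or UNC paths."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            found += [l for l in collector.links if REMOTE_FILE.match(l)]
    return found

def should_quarantine(raw):
    # Sender authentication is deliberately ignored: a pass says who sent
    # the message, not whether its links are safe to open.
    return bool(remote_file_links(raw))
```
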
