POC + Exploit CVE-2023-23397
by Farfallaiero - Wednesday December 13, 2023 at 05:23 PM
CVE-2023-23397 is a vulnerability in MS Outlook that allows an attacker to potentially exfil user authentication details. The vulnerability relates to the the ability for an attacker to specify a UNC path in the "ReminderSoundFile" property within an email/meeting invite - when the reminder triggers in Outlook, the user's Outlook client attempts to load the sound file specified in the path. If Outlook attempts to initiate an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.

Hidden Content
You must register or login to view this content.

thanks a lot man
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | Contact us via http://breachedu76kdyavc6szj6ppbplfqoz3p...on/contact if you feel this is incorrect.
very fun to look at these!
Hope this work good sir thank you ?
Thanks for sharing
ok ok, so hitting on outlook is kinda of big deal these days, let's see
smell me mayne....
Thanks for sharing
thanks for sharing hope this work.
need that i loved this thnx

Possibly Related Threads…
Thread Author Replies Views Last Post
  [WordPress SMTP Plugin] CVE-2023-6875 + PoC who 5 1,265 02-24-2024, 09:52 PM
Last Post: MorganDam
  Wordpress Elementor 3.11.6 Exploit - Full Takeover TheGoodlife 26 8,697 02-19-2024, 07:18 PM
Last Post: therainnevercame
  Exploit - Microsoft Exchange Server Arsenic009 9 3,265 02-14-2024, 10:38 PM
Last Post: Bendelladj1
  CVE-2023-6546 KASLR Bypass ricky_bobby 0 409 02-09-2024, 03:13 AM
Last Post: ricky_bobby
  CVE-2023-29489 masscan zinzeur 3 4,160 02-09-2024, 02:14 AM
Last Post: lukaskanardo

 Users browsing this thread: 1 Guest(s)