POC + Exploit CVE-2023-23397
by Farfallaiero - Wednesday December 13, 2023 at 05:23 PM
#1
CVE-2023-23397 is a vulnerability in MS Outlook that allows an attacker to potentially exfil user authentication details. The vulnerability relates to the the ability for an attacker to specify a UNC path in the "ReminderSoundFile" property within an email/meeting invite - when the reminder triggers in Outlook, the user's Outlook client attempts to load the sound file specified in the path. If Outlook attempts to initiate an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.




Hidden Content
You must register or login to view this content.

0D|nS3c
Reply
#2
thanks a lot man
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | Contact us via http://breachedu76kdyavc6szj6ppbplfqoz3p...on/contact if you feel this is incorrect.
Reply
#3
very fun to look at these!
Reply
#4
Hope this work good sir thank you ?
Reply
#5
Thanks for sharing
Reply
#6
ok ok, so hitting on outlook is kinda of big deal these days, let's see
Reply
#7
smell me mayne....
Reply
#8
Thanks for sharing
Reply
#9
thanks for sharing hope this work.
Reply
#10
need that i loved this thnx
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [WordPress SMTP Plugin] CVE-2023-6875 + PoC who 5 1,265 02-24-2024, 09:52 PM
Last Post: MorganDam
  Wordpress Elementor 3.11.6 Exploit - Full Takeover TheGoodlife 26 8,697 02-19-2024, 07:18 PM
Last Post: therainnevercame
  Exploit - Microsoft Exchange Server Arsenic009 9 3,265 02-14-2024, 10:38 PM
Last Post: Bendelladj1
  CVE-2023-6546 KASLR Bypass ricky_bobby 0 409 02-09-2024, 03:13 AM
Last Post: ricky_bobby
  CVE-2023-29489 masscan zinzeur 3 4,160 02-09-2024, 02:14 AM
Last Post: lukaskanardo



 Users browsing this thread: 1 Guest(s)