# Microsoft Outlook 远程代码执行漏洞
## 概述
Microsoft Outlook中存在远程代码执行漏洞,攻击者可以利用此漏洞在当前用户的上下文中执行任意代码,导致权限提升或系统被完全控制。
## 影响版本
- Microsoft Outlook 2016
- Microsoft Outlook 2019
- Microsoft Outlook for Microsoft 365
## 细节
此漏洞源于Microsoft Outlook处理特定附件或邮件内容的方式。当用户打开或预览一封带有特制RTF(富文本格式)附件的电子邮件时,可能会触发此漏洞。攻击者可以通过发送恶意邮件,诱使目标用户打开邮件,从而利用此漏洞在用户的系统上执行任意代码。
## 影响
如果成功利用此漏洞,攻击者可以在用户的上下文中执行任意代码,可能导致以下几种安全威胁:
- 未经授权访问受感染的系统及其资源。
- 安装程序,查看、更改或删除数据。
- 创建具有完全用户权限的新账户。
是否为 Web 类漏洞: 未知
判断理由:
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC | https://github.com/duy-31/CVE-2024-21413 | POC详情 |
| 2 | Microsoft-Outlook-Remote-Code-Execution-Vulnerability | https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability | POC详情 |
| 3 | Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC | https://github.com/r00tb1t/CVE-2024-21413-POC | POC详情 |
| 4 | Microsoft Outlook Information Disclosure Vulnerability (leak password hash) | https://github.com/labesterOct/CVE-2024-21413 | POC详情 |
| 5 | CVE-2024-21413 PoC for THM Lab | https://github.com/CMNatic/CVE-2024-21413 | POC详情 |
| 6 | CVE-2024-21413 Açığını Kullanarak Giriş Bilgilerini Alma | https://github.com/MSeymenD/CVE-2024-21413 | POC详情 |
| 7 | None | https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability | POC详情 |
| 8 | Bu betik, Microsoft Outlook'ta keşfedilen ve CVSS değeri 9.8 olan önemli bir güvenlik açığı olan CVE-2024-21413 için bir kavram kanıtı (PoC) sunmaktadır. MonikerLink hatası olarak adlandırılan bu güvenlik açığı, yerel NTLM bilgilerinin potansiyel sızıntısı ve uzaktan kod çalıştırma olasılığı dahil olmak üzere geniş kapsamlı etkilere sahiptir. | https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability | POC详情 |
| 9 | CVE-2024-21413 exploit | https://github.com/DevAkabari/CVE-2024-21413 | POC详情 |
| 10 | None | https://github.com/dshabani96/CVE-2024-21413 | POC详情 |
| 11 | CVE-2024-21413 Microsoft Outlook RCE Exploit | https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit | POC详情 |
| 12 | None | https://github.com/th3Hellion/CVE-2024-21413 | POC详情 |
| 13 | This script is the Proof of Concept (PoC) of the CVE-2024-21413, a significant security vulnerability discovered in the Microsoft Windows Outlook having a strong 9.8 critical CVSS score. Named as #MonikerLink Bug, this vulnerability allows the attacker to execute the arbitrary code remotely on the victim's machine, thus becomes a full-fledged RCE. | https://github.com/ShubhamKanhere307/CVE-2024-21413 | POC详情 |
| 14 | CVE-2024-21413 PoC | https://github.com/olebris/CVE-2024-21413 | POC详情 |
| 15 | This is a mailer that use console prompt to exploit this vulnerability | https://github.com/DerZiad/CVE-2024-21413 | POC详情 |
| 16 | None | https://github.com/Redfox-Secuirty/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape | POC详情 |
| 17 | Microsoft Outlook Remote Code Execution Vulnerability. | https://github.com/HYZ3K/CVE-2024-21413 | POC详情 |
| 18 | CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC | https://github.com/ThemeHackers/CVE-2024-21413 | POC详情 |
| 19 | None | https://github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB | POC详情 |
| 20 | None | https://github.com/Cyber-Trambon/CVE-2024-21413-exploit | POC详情 |
| 21 | The project was created to demonstrate the use of various tools for capturing NTLM hashes from users on a network and for executing phishing attacks using email. This showcases how network authentication vulnerabilities and phishing methods can be exploited to compromise systems. | https://github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 | POC详情 |
| 22 | None | https://github.com/Redfox-Security/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape | POC详情 |
| 23 | None | https://github.com/PolarisXSec/CVE-2024-21413 | POC详情 |
| 24 | None | https://github.com/MQKGitHub/Moniker-Link-CVE-2024-21413 | POC详情 |
| 25 | None | https://github.com/yass2400012/Email-exploit-Moniker-Link-CVE-2024-21413- | POC详情 |
| 26 | This repository contains research notes and a high-level proof-of-concept (PoC) for CVE-2024-21413, a vulnerability observed in certain mail clients when handling SMB/moniker-style links embedded in messages. The PoC and experiments documented here were performed in a controlled lab environment on systems. | https://github.com/gurleen-147/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability-PoC | POC详情 |
| 27 | None | https://github.com/hau2212/Moniker-Link-CVE-2024-21413- | POC详情 |
| 28 | Outlook exploitation | https://github.com/mmathivanan17/CVE-2024-21413 | POC详情 |
| 29 | ב־13 בפברואר 2024 פרסמה Microsoft חולשת אבטחה חמורה ב־Microsoft Outlook, אשר קיבלה את הזיהוי CVE-2024-21413, ומוכרת בשם Moniker Link Vulnerability. החולשה מאפשרת לתוקף לעקוף את מנגנון Protected View של Outlook | https://github.com/eylommaayan/THM---CVE-2024-21413-Moniker-Link-Microsoft-Outlook- | POC详情 |
暂无评论