一、 漏洞 CVE-2024-21413 基础信息
漏洞信息
                                        # Microsoft Outlook 远程代码执行漏洞

## 概述
Microsoft Outlook中存在远程代码执行漏洞,攻击者可以利用此漏洞在当前用户的上下文中执行任意代码,导致权限提升或系统被完全控制。

## 影响版本
- Microsoft Outlook 2016
- Microsoft Outlook 2019
- Microsoft Outlook for Microsoft 365

## 细节
此漏洞源于Microsoft Outlook处理特定附件或邮件内容的方式。当用户打开或预览一封带有特制RTF(富文本格式)附件的电子邮件时,可能会触发此漏洞。攻击者可以通过发送恶意邮件,诱使目标用户打开邮件,从而利用此漏洞在用户的系统上执行任意代码。

## 影响
如果成功利用此漏洞,攻击者可以在用户的上下文中执行任意代码,可能导致以下几种安全威胁:
- 未经授权访问受感染的系统及其资源。
- 安装程序,查看、更改或删除数据。
- 创建具有完全用户权限的新账户。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Microsoft Outlook Remote Code Execution Vulnerability
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Microsoft Outlook Remote Code Execution Vulnerability
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
输入验证不恰当
来源:美国国家漏洞数据库 NVD
漏洞标题
Microsoft Outlook 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook 存在安全漏洞。以下产品和版本受到影响:Microsoft Office 2019 for 32-bit editions,Microsoft Office 2019 for 64-bit editions,Microsoft 365 Apps for Enterprise for 32-bit Systems,Microsoft 365 Apps for Enterprise
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-21413 的公开POC
# POC 描述 源链接 神龙链接
1 Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC https://github.com/duy-31/CVE-2024-21413 POC详情
2 Microsoft-Outlook-Remote-Code-Execution-Vulnerability https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability POC详情
3 Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC https://github.com/r00tb1t/CVE-2024-21413-POC POC详情
4 Microsoft Outlook Information Disclosure Vulnerability (leak password hash) https://github.com/labesterOct/CVE-2024-21413 POC详情
5 CVE-2024-21413 PoC for THM Lab https://github.com/CMNatic/CVE-2024-21413 POC详情
6 CVE-2024-21413 Açığını Kullanarak Giriş Bilgilerini Alma https://github.com/MSeymenD/CVE-2024-21413 POC详情
7 None https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability POC详情
8 Bu betik, Microsoft Outlook'ta keşfedilen ve CVSS değeri 9.8 olan önemli bir güvenlik açığı olan CVE-2024-21413 için bir kavram kanıtı (PoC) sunmaktadır. MonikerLink hatası olarak adlandırılan bu güvenlik açığı, yerel NTLM bilgilerinin potansiyel sızıntısı ve uzaktan kod çalıştırma olasılığı dahil olmak üzere geniş kapsamlı etkilere sahiptir. https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability POC详情
9 CVE-2024-21413 exploit https://github.com/DevAkabari/CVE-2024-21413 POC详情
10 None https://github.com/dshabani96/CVE-2024-21413 POC详情
11 CVE-2024-21413 Microsoft Outlook RCE Exploit https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit POC详情
12 None https://github.com/th3Hellion/CVE-2024-21413 POC详情
13 This script is the Proof of Concept (PoC) of the CVE-2024-21413, a significant security vulnerability discovered in the Microsoft Windows Outlook having a strong 9.8 critical CVSS score. Named as #MonikerLink Bug, this vulnerability allows the attacker to execute the arbitrary code remotely on the victim's machine, thus becomes a full-fledged RCE. https://github.com/ShubhamKanhere307/CVE-2024-21413 POC详情
14 CVE-2024-21413 PoC https://github.com/olebris/CVE-2024-21413 POC详情
15 This is a mailer that use console prompt to exploit this vulnerability https://github.com/DerZiad/CVE-2024-21413 POC详情
16 None https://github.com/Redfox-Secuirty/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape POC详情
17 Microsoft Outlook Remote Code Execution Vulnerability. https://github.com/HYZ3K/CVE-2024-21413 POC详情
18 CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC https://github.com/ThemeHackers/CVE-2024-21413 POC详情
19 None https://github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB POC详情
20 None https://github.com/Cyber-Trambon/CVE-2024-21413-exploit POC详情
21 The project was created to demonstrate the use of various tools for capturing NTLM hashes from users on a network and for executing phishing attacks using email. This showcases how network authentication vulnerabilities and phishing methods can be exploited to compromise systems. https://github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 POC详情
22 None https://github.com/Redfox-Security/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape POC详情
23 None https://github.com/PolarisXSec/CVE-2024-21413 POC详情
24 None https://github.com/MQKGitHub/Moniker-Link-CVE-2024-21413 POC详情
三、漏洞 CVE-2024-21413 的情报信息
四、漏洞 CVE-2024-21413 的评论

暂无评论

发表评论