PoC details: 11c1898f5b892da4e996af2de93c87127d4d07fd

Source
Related vulnerability
Title: Microsoft Outlook security vulnerability (CVE-2023-23397)
Description: Microsoft Outlook is an email application from Microsoft (USA). Microsoft Outlook contains a security vulnerability. The following products and versions are affected: Microsoft Office LTSC 2021 for 32-bit editions, Microsoft Outlook 2016 (32-bit edition), Microsoft Office LTSC 2021 for 64-bit editions, Microsoft 365 Apps for Enterprise for
Description
Generates meeting requests taking advantage of CVE-2023-23397. This requires the Outlook thick client to send.
Introduction
# CVE-2023-23397 MS Outlook Vulnerability Exploitation
[CVE-2023-23397](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397) is a vulnerability in Microsoft Outlook that allows an attacker to potentially exfiltrate user authentication details. The vulnerability stems from the ability of an attacker to specify a Universal Naming Convention (UNC) path in the "ReminderSoundFile" property within an email or meeting invite. When the reminder triggers in Outlook, the user's client attempts to load the sound file specified in the path. If Outlook initiates an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.

This GitHub project contains a proof-of-concept (PoC) Python script to demonstrate the exploitation of this vulnerability. The PoC is based on concepts from Dominic Chell's MDSec post [Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability](https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/) and ports these concepts to Python using the win32com.client library.

## Usage
1. Clone the repository and navigate to the project directory.
2. Replace the `BAD_ADDRESS` variable in the `cve-2023-23397.py` script with the desired UNC path for the external resource.
   - The UNC path can also be used to [make a WebDAV request](https://www.n00py.io/2019/06/understanding-unc-paths-smb-and-webdav/) to an external domain by appending "@80" or "@SSL@443" to the hostname / IP.
3. Set the `MEETING_RECIPIENTS` and other variables as needed.
4. Run the `cve-2023-23397.py` script to send the meeting request and exploit the vulnerability.
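
A defender-side triage check for the property described above, as an added example that is not part of this repository: it classifies reminder sound file values (for instance, values exported during a mailbox audit) as local, internal UNC or external UNC, and recognises the "@80" / "@SSL@443" WebDAV host form. The internal address ranges, the `.corp.example` suffix, the treatment of dotless host names as internal and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# \\host\share and the long form \\?\UNC\host\share; group 1 is the host part.
_UNC = re.compile(r'^\\\\(?:\?\\UNC\\)?([^\\]+)', re.IGNORECASE)

# Assumption: what counts as "internal" for this organisation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical AD DNS suffix


def _is_internal(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: dotless names resolve inside the network, so count as internal.
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return any(addr in net for net in INTERNAL_NETS)


def classify_reminder_path(value):
    """Return (verdict, host, transport) for one reminder sound file value."""
    value = (value or "").strip().replace("/", "\\")
    if not value:
        return ("empty", None, None)
    m = _UNC.match(value)
    if not m or m.group(1) in (".", "?"):
        return ("local", None, None)   # drive path, file name, or \\.\ device path
    host, transport = m.group(1).lower(), "smb"
    if "@" in host:                    # WebDAV form: host@80, host@SSL@443
        host, _, suffix = host.partition("@")
        transport = "webdav-tls" if suffix.startswith("ssl") else "webdav"
    verdict = "unc-internal" if _is_internal(host) else "unc-external"
    return (verdict, host, transport)

# Constructed sample values, as might be exported from a mailbox audit.
SAMPLES = [
    r"C:\Windows\Media\Alarm01.wav",
    r"\\fileserver\sounds\ding.wav",
    r"\\203.0.113.10\share\a.wav",
    r"\\files.example.net@SSL@443\dav\a.wav",
    r"\\?\UNC\10.1.2.3\s\a.wav",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_reminder_path(s), s)
```

Items classified as `unc-external` are the ones to review first, since a legitimate reminder sound normally points at a local file.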

## Note
This script uses the `win32com.client` library, which is Windows specific and requires the `pywin32` package. Install it using `pip install pywin32` before running the script.

## Disclaimer
This project is for educational and research purposes only. The authors and contributors are not responsible for any misuse or damage caused by the exploitation of this vulnerability. Please use responsibly and ensure you have proper authorization before testing.
File snapshot

[4.0K] /data/pocs/11c1898f5b892da4e996af2de93c87127d4d07fd
├── [3.1K] cve-2023-23397.py
├── [ 11K] LICENSE
└── [2.2K] README.md

0 directories, 3 files