POC + Exploit CVE-2023-23397
by Farfallaiero - Wednesday December 13, 2023 at 05:23 PM
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2024
Reputation: 0
#21
12-28-2024, 12:37 PM
(12-13-2023, 05:23 PM)Farfallaiero Wrote: CVE-2023-23397 is a vulnerability in MS Outlook that allows an attacker to potentially exfil user authentication details. The vulnerability relates to the the ability for an attacker to specify a UNC path in the "ReminderSoundFile" property within an email/meeting invite - when the reminder triggers in Outlook, the user's Outlook client attempts to load the sound file specified in the path. If Outlook attempts to initiate an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.

kind of looks fun
Reply
Banned

Posts: 38
Threads: 0
Joined: Jan 2025
Reputation: 0
#22
02-17-2025, 07:32 PM
I will try this vulnerability.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Exploit Hikvision Camera cctv A3g00n 160 4,516 Today, 02:36 AM
Last Post: v3nuzc0d3r2325
  Exploit Safety-net PoC Inexorable_Baer 2 240 08-02-2025, 08:53 AM
Last Post: Inexorable_Baer
  University of lowa is Vulnerable to CVE-2023-49103 creek97 1 4,252 04-11-2025, 05:46 AM
Last Post: dghdj
  Telerik Exploit report server A3g00n 1 407 04-11-2025, 04:16 AM
Last Post: dghdj
  Ivanti/Pulse VPN Client Exploit leading to a privilege escalation Loki 17 1,771 04-07-2025, 03:34 PM
Last Post: ansikkamakola

Forum Jump:


 Users browsing this thread: