POC + Exploit CVE-2023-23397
by Farfallaiero - Wednesday December 13, 2023 at 05:23 PM
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2024
Reputation: 0

#21
12-28-2024, 12:37 PM
(12-13-2023, 05:23 PM)Farfallaiero Wrote: CVE-2023-23397 is a vulnerability in MS Outlook that allows an attacker to potentially exfil user authentication details. The vulnerability relates to the the ability for an attacker to specify a UNC path in the "ReminderSoundFile" property within an email/meeting invite - when the reminder triggers in Outlook, the user's Outlook client attempts to load the sound file specified in the path. If Outlook attempts to initiate an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.

kind of looks fun
Reply
Banned

Posts: 38
Threads: 0
Joined: Jan 2025
Reputation: 0

#22
02-17-2025, 07:32 PM
I will try this vulnerability.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Help Microsoft Teams Gif Exploit guniess0x 0 3 11 hours ago
Last Post: guniess0x
  new wordpress website takeover vuln (video + poc ) zinzeur 313 27,277 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,201 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Ban Any Discord Exploit PhineasFisher 6 295 02-08-2026, 11:49 PM
Last Post: skype
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,092 02-08-2026, 07:58 AM
Last Post: zeroday99



 Users browsing this thread: