JOIN BREACHFORUMS TELEGRAM
POC + Exploit CVE-2023-23397
by Farfallaiero - Wednesday December 13, 2023 at 05:23 PM
Breached
Member
Posts: 7
Threads: 0
Joined: Dec 2024
Reputation: 0
#21
Dec 28, 2024, 12:37 PM
(Dec 13, 2023, 05:23 PM)Farfallaiero Wrote: CVE-2023-23397 is a vulnerability in MS Outlook that allows an attacker to potentially exfil user authentication details. The vulnerability relates to the the ability for an attacker to specify a UNC path in the "ReminderSoundFile" property within an email/meeting invite - when the reminder triggers in Outlook, the user's Outlook client attempts to load the sound file specified in the path. If Outlook attempts to initiate an SMB connection to a remote SMB server, it might be possible for the attacker to intercept the user's Net-NTLMv2 hash and relay this to authenticate as the user.

kind of looks fun
Reply
Banned

Posts: 39
Threads: 0
Joined: Jan 2025
Reputation: 0
#22
Feb 17, 2025, 07:32 PM
I will try this vulnerability.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ban Any Discord Exploit phineasfisherman 7 434 2 hours ago
Last Post: sniperx86
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 107 13,610 3 hours ago
Last Post: d39ug
  Dokan Pro Unauthenticated SQL Injection POC | CVSS 10 Loki 42 3,727 3 hours ago
Last Post: d39ug
  {SECRET} DATABASE OF EXPLOITS lulagain 435 26,439 Yesterday, 06:11 AM
Last Post: DirtyEra
  New Zer0 Day Wordpress A3g00n 81 3,366 Yesterday, 03:06 AM
Last Post: DirtyEra

Forum Jump:


 Users browsing this forum: 1 Guest(s)