CVE-2023-23397
CRITICAL | KEV | RANSOMWARE
Microsoft Outlook - Privilege Escalation
Exploitation Summary
CVE-2023-23397 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 14, 2023, with confirmed use in ransomware campaigns. EIP tracks 30 public exploits from researchers including api0cradle, sqrtZeroKnowledge, Trackflaw.
AI-analyzed exploit summary: This repository contains a functional PowerShell script that exploits CVE-2023-23397, an NTLM credential leakage vulnerability in Microsoft Outlook. The script uses the Outlook COM object to create calendar invitations with a malicious `ReminderSoundFile` path, triggering NTLM authentication leaks to attacker-controlled servers.
Description
Microsoft Outlook Elevation of Privilege Vulnerability
Exploits (30)
This repository contains a functional PowerShell script that exploits CVE-2023-23397, an NTLM credential leakage vulnerability in Microsoft Outlook. The script uses the Outlook COM object to create calendar invitations with a malicious `ReminderSoundFile` path, triggering NTLM authentication leaks to attacker-controlled servers.
The repository contains partial code for a .NET library (MsgKit) related to email and appointment handling, but lacks any exploit-specific implementation or proof-of-concept for CVE-2023-23397. No malicious or functional exploit code is present.
This repository contains a functional PoC for CVE-2023-23397, which exploits a vulnerability in Microsoft Outlook's handling of appointment reminders to trigger an NTLM authentication request to an attacker-controlled server. The script generates a malicious .msg file and sends it via SMTP, leveraging the zero-click nature of the vulnerability.
This PowerShell script exploits CVE-2023-23397 by creating a malicious Outlook meeting invite with a UNC path in the ReminderSoundFile property, triggering an SMB/WebDAV connection attempt that can leak Net-NTLMv2 hashes.
This repository contains a functional Python exploit for CVE-2023-23397, an Outlook privilege escalation vulnerability. The exploit generates a malicious Outlook appointment item that triggers NTLM credential theft via a crafted SMB server path in the reminder sound file field.
The repository contains a functional PowerShell script that exploits CVE-2023-23397, an NTLM credential leak vulnerability in Microsoft Outlook. The exploit crafts a malicious calendar invitation with a UNC path to a remote SMB share, triggering an NTLM authentication attempt when the victim interacts with the invitation.
This repository contains a functional Python script that exploits CVE-2023-23397, a Microsoft Outlook vulnerability, by crafting TNEF-encoded emails to trigger malicious meeting reminders. The exploit leverages SMTP to send payloads that abuse the `IPM.TaskRequest` message class, bypassing the need for COM objects or EWS.
This repository contains a functional C# exploit for CVE-2023-23397, which leverages a vulnerability in Microsoft Outlook to trigger arbitrary code execution via a crafted appointment with a malicious UNC path. The PoC automates the creation and sending of a malicious meeting invite using Outlook's COM interface.
This repository contains a functional Python exploit for CVE-2023-23397, which leverages a vulnerability in Microsoft Outlook to leak Net-NTLMv2 hashes via a crafted email with a malicious UNC path in the PidLidReminderFileParameter property.
This repository contains a functional Python script that exploits CVE-2023-23397 by sending a crafted meeting request via Microsoft Outlook, which triggers an SMB connection to a malicious UNC path when the reminder is activated, potentially leaking Net-NTLMv2 hashes.
This repository contains a functional proof-of-concept exploit for CVE-2023-23397, a Microsoft Outlook elevation of privilege vulnerability. The exploit leverages a malicious appointment file with a crafted `PidLidReminderFileParameter` property to trigger a UNC path injection, leading to NTLM credential theft or arbitrary code execution.
The repository contains a functional Python script that exploits CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook. The exploit generates a malicious email with a UNC path to an attacker-controlled SMB share, triggering NTLM hash leakage when the email is opened.
This PoC generates a malicious .msg file exploiting CVE-2023-23397 by setting a UNC path in the reminder_sound_file field, which triggers NTLM authentication to an attacker-controlled server when the file is opened in Microsoft Outlook.
This PoC exploits CVE-2023-23397 by sending a malicious appointment via email, triggering NetNTLM authentication. It uses the `independentsoft.msg` library to craft a malicious `.msg` file with a manipulated reminder sound file path.
This repository contains functional exploit code for CVE-2023-23397, a vulnerability in Microsoft Outlook. The provided code includes classes for handling email addresses, appointments, and other Outlook-related functionalities, which are likely used to craft malicious messages exploiting the vulnerability.
This repository contains a functional proof-of-concept exploit for CVE-2023-23397, leveraging Microsoft Outlook's Interop to trigger a vulnerability via a crafted appointment with a malicious reminder sound file path. The PoC demonstrates the exploit by setting a UNC path to an attacker-controlled server, which could lead to NTLM hash leakage or further exploitation.
The repository contains functional PoC scripts (PowerShell and Python) that exploit CVE-2023-23397, an NTLM relay vulnerability in Microsoft Outlook. The scripts send crafted meeting requests with malicious reminder sound file paths to trigger NTLM authentication leaks.
This repository contains a functional exploit for CVE-2023-23397, which targets Microsoft Outlook to retrieve NetNTLM hashes via a crafted appointment with a malicious SMB share link. The exploit automates the delivery of malicious appointments via SMTP.
The repository contains PowerShell scripts to detect and remediate CVE-2023-23397 by checking Microsoft Office versions and forcing updates if outdated. It does not include exploit code but provides detection and patching logic.
This repository contains a functional C# PoC for CVE-2023-23397, which exploits a vulnerability in Microsoft Outlook by crafting a malicious appointment file with a UNC path in the `PidLidReminderFileParameter` property. The exploit generates a `.msg` file that triggers NTLM credential leakage when opened.
The repository contains PowerShell scripts to detect and remediate vulnerable versions of Microsoft 365 Apps related to CVE-2023-23397. The scripts check registry keys for specific versions and trigger updates if a vulnerable version is found.
This repository contains a functional PowerShell script that exploits CVE-2023-23397, a zero-click NTLM relay vulnerability in Microsoft Outlook. The exploit sends a malicious calendar invite with a UNC path in the reminder sound file, triggering an NTLMv2 hash leak to an attacker-controlled server.
This repository provides a detailed technical analysis of CVE-2023-23397, a use-after-free vulnerability in Microsoft Outlook that leads to remote code execution. It explains the vulnerability mechanics, exploitation scenarios, and mitigation steps but does not include functional exploit code.
This repository contains a functional PowerShell PoC for CVE-2023-23397, which exploits a vulnerability in Microsoft Outlook by sending a crafted meeting invitation with a malicious UNC path in the reminder sound file. The exploit triggers an NTLM authentication request to an attacker-controlled server when the reminder is activated.
This repository contains a PowerShell script that patches CVE-2023-23397 by downloading and installing the relevant Microsoft security updates (KB5023696, KB5023706, KB5023702) if they are not already present on the system. The script checks the current Windows version and applies the appropriate patch.
The repository provides a technical description of CVE-2023-23397, an Elevation of Privilege (EoP) vulnerability in Microsoft Outlook. It explains the attack mechanism involving a crafted email with a UNC path to an SMB share, leading to NTLM credential theft without user interaction.
The PoC demonstrates CVE-2023-23397 by creating a malicious Outlook appointment that forces a connection to an attacker-controlled SMB server to leak NetNTLMv2 hashes. The PowerShell script automates the creation of a crafted appointment item with a remote sound file path.
This repository provides PowerShell scripts for evaluating and remediating CVE-2023-23397, a vulnerability in Microsoft Office. The scripts check the installed version of Office and force an update if the system is not patched.
This repository contains a functional exploit PoC for CVE-2023-23397 (Outlook NTLM leak) along with a Docker-based lab environment for replication. The exploit includes a Python-based ICS generator and listener to trigger and capture NTLM hashes via crafted emails.
This repository contains a functional PowerShell script that exploits CVE-2023-23397, a zero-click vulnerability in Microsoft Outlook. The exploit forces a victim to connect to an attacker-controlled server via a crafted calendar reminder, leaking NetNTLMv2 hashes through an SMB request.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H