CVE-2023-35636

MEDIUM

Microsoft 365 Apps and Office - Unauthorized Information Exposure via Outlook

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-35636. PoCs published by duy-31.

AI-analyzed exploit summary This PoC exploits CVE-2023-35636, an information disclosure vulnerability in Microsoft Outlook, by sending a crafted email with specific headers to trigger an NTLM v2 hash leak when the recipient interacts with a calendar icon. The script uses Expect to automate the SMTP interaction and requires a responder with SMB server to capture the leaked hash.

Description

Microsoft Outlook Information Disclosure Vulnerability

Exploits (1)

nomisec WORKING POC 43 stars
by duy-31 · poc
https://github.com/duy-31/CVE-2023-35636

This PoC exploits CVE-2023-35636, an information disclosure vulnerability in Microsoft Outlook, by sending a crafted email with specific headers to trigger an NTLM v2 hash leak when the recipient interacts with a calendar icon. The script uses Expect to automate the SMTP interaction and requires a responder with SMB server to capture the leaked hash.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Outlook (versions affected by CVE-2023-35636)
No auth needed
Prerequisites: Valid SMTP server access · Responder with SMB server running · Recipient must interact with the calendar icon · Network access to SMB (port 445)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.1756
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (4)
microsoft/365_apps
microsoft/office 2016
microsoft/office 2019
microsoft/office_long_term_servicing_channel 2021
Published Dec 12, 2023
Tracked Since Feb 18, 2026