A script to send emails via Gmail SMTP with customizable HTML templates.
Project description
CVE-2024-21413 - Critical Remote Code Execution Vulnerability in Microsoft Outlook
Setup
- You can change smtp and password and copy the command into Terminal to use CVE-2024-21413-PoC.py
Linux & Ubuntu & ParrotOS & ALL Base on Linux
export SENDER_EMAIL=ah3112651@gmail.com
export SENDER_PASSWORD=pnsbkvkxwfgwjueu
Windows
$env:SENDER_EMAIL = "ah3112651@gmail.com"
$env:SENDER_PASSWORD = "pnsbkvkxwfgwjueu"
Overview
CVE-2024-21413 is a critical remote code execution (RCE) vulnerability affecting Microsoft Outlook. This zero-day vulnerability, also known as the "MonikerLink" bug, allows attackers to execute arbitrary code on a victim's machine without any user interaction. The vulnerability is triggered by maliciously crafted email messages that exploit specific types of hyperlinks within Outlook, leading to severe consequences such as system compromise, data exfiltration, or the installation of malware.
Affected Versions
The vulnerability affects various versions of Microsoft Outlook, including but not limited to:
- Microsoft Office 2016
- Microsoft Office 2019
- Microsoft Office 2021
- Microsoft 365 Apps
These versions are affected across both 32-bit and 64-bit editions.
Attack Vector
The MonikerLink bug is particularly dangerous because it bypasses the Office Protected View feature, which is designed to open potentially unsafe files in a read-only, sandboxed environment. By exploiting this vulnerability, attackers can bypass these security mechanisms and gain unauthorized access to sensitive information or take control of the victim's system.
Impact
Successful exploitation of CVE-2024-21413 can result in:
- Remote code execution
- Data exfiltration
- Data encryption
- Credential harvesting
- Installation of malware
Given the severity of this vulnerability, it is crucial that affected systems be patched immediately to prevent potential exploitation.
Mitigation
To protect against this vulnerability, it is strongly recommended that users and organizations:
- Apply the latest security updates provided by Microsoft.
- Ensure that Outlook and all related Office applications are updated to the latest versions.
For further details and updates, refer to the following sources:
License
This document is licensed under the MIT License.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file CVE-2024-21413-0.1.0.tar.gz.
File metadata
- Download URL: CVE-2024-21413-0.1.0.tar.gz
- Upload date:
- Size: 3.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ad236051d7baa0b1de0a2bc0c78c8edaa52f5ece5be4c44f7bb84aef267998e5 |
|
| MD5 | 4e265343f3d1532f2da72813b8602c84 |
|
| BLAKE2b-256 | de0265678806f2a98b6054a03cd761b21856fe30957f30bd3f0e55de71f6f495 |
File details
Details for the file CVE_2024_21413-0.1.0-py3-none-any.whl.
File metadata
- Download URL: CVE_2024_21413-0.1.0-py3-none-any.whl
- Upload date:
- Size: 3.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a0f70b1410f80f0367269bcb75797bc654c64e18b4f626ef8d740b0bd3f8c8eb |
|
| MD5 | 7d327d68b35608e4fa0cc21b20afeaa1 |
|
| BLAKE2b-256 | 0b88fe2d556f1fbeaa13d720a77d08069bcd1344535aacc0cdb148e18aec8f23 |
