0x00 前言
Microsoft Office Outlook是微软办公软件套装的组件之一,它对Windows自带的Outlook express的功能进行了扩充。
Outlook的功能很多,可以用它来收发电子邮件、管理联系人信息、记日记、安排日程、分配任务。
0x01 漏洞描述
https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/
0x02 CVE编号
CVE-2024-21378
0x03 影响版本
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
0x04 漏洞详情
POC:(需要两个文件配合使用)
https://github.com/NetSPI/ruler/tree/com-forms
https://gist.github.com/Homer28/7f3559ff993e2598d0ceefbaece1f97f
0x05 参考链接
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378
https://gist.github.com/Homer28/7f3559ff993e2598d0ceefbaece1f97f
