{"uuid": "3791ed15-e0ed-4c3e-8ff2-a8d50afb16e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-23397", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/165", "content": "Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability\n\n\ud83d\udc64 by Dominic Chell\n\nToday saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows:\nMicrosoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.\n\nSecurity researcher has shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email.\n\nhttps://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/", "creation_timestamp": "2023-03-15T18:55:28.000000Z"}