Microsoft Outlook Remote Code Execution Vulnerability

漏洞信息

漏洞名称： Microsoft Outlook Remote Code Execution Vulnerability

漏洞编号：

• CVE： CVE-2024-21413

漏洞类型： 命令执行

漏洞等级： 严重

漏洞描述： ### 受影响产品
Microsoft Outlook是微软公司开发的一款广泛使用的电子邮件客户端，作为Microsoft Office套件的一部分，它在企业环境和个人用户中都非常流行。Outlook提供了邮件收发、日历管理、联系人管理等功能，是企业通信和个人信息管理的重要工具。

漏洞说明

此漏洞被标识为CVE-2024-21413，是一种远程代码执行（RCE）漏洞，具体类型为命令执行。漏洞的根源在于Microsoft Outlook处理Moniker Link的方式存在缺陷，攻击者可以通过构造特殊的Moniker Link来触发漏洞，从而在目标系统上执行任意代码。这种漏洞通常由于输入验证不足或安全机制缺失导致，使得攻击者能够绕过正常的安全限制。

影响分析

由于Microsoft Outlook的广泛使用，此漏洞的影响范围非常广泛。攻击者可以利用此漏洞通过发送特制的电子邮件或链接，诱使用户点击，从而在用户不知情的情况下执行恶意代码。这种攻击不需要用户进行任何形式的认证，且可以自动化执行，极大地增加了攻击的成功率和危害性。成功的利用可能导致数据泄露、系统完全被控制、恶意软件传播等严重后果。鉴于漏洞的严重性和易用性，建议用户立即应用微软发布的安全更新以防止潜在的攻击。

产品厂商： Microsoft

产品名称： Microsoft Outlook

来源： https://github.com/projectdiscovery/nuclei-templates/issues/12519

类型： projectdiscovery/nuclei-templates:github issues

来源概述

Description:

Microsoft Outlook Remote Code Execution Vulnerability

Severity: Critical

POC:

• https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script
• https://github.com/MQKGitHub/Moniker-Link-CVE-2024-21413
• https://github.com/PolarisXSec/CVE-2024-21413
• https///github.com:PolarisXSec/CVE-2024-21413.git
• https://vulncheck.com/xdb/3a5fa2dbf482
• https://github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413
• https///github.com:ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413.git
• https://vulncheck.com/xdb/e742b4b6b811
• https://github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB
• https///github.com:D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB.git
• https://vulncheck.com/xdb/9d498f414ca6
• https://github.com/ThemeHackers/CVE-2024-21413
• https///github.com:ThemeHackers/CVE-2024-21413.git
• https://github.com/Redfox-Security/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape
• https://github.com/DerZiad/CVE-2024-21413
• https://vulncheck.com/xdb/903f7c89226e
• https://github.com/olebris/CVE-2024-21413
• https///github.com:olebris/CVE-2024-21413.git
• https://vulncheck.com/xdb/f5432e60cf3a
• https://github.com/ShubhamKanhere307/CVE-2024-21413
• https///github.com:ShubhamKanhere307/CVE-2024-21413.git
• https://vulncheck.com/xdb/7e98d318e5ee
• https://github.com/th3Hellion/CVE-2024-21413
• https///github.com:th3Hellion/CVE-2024-21413.git
• https://vulncheck.com/xdb/22ef4fecc344
• https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit
• https///github.com:X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit.git
• https://vulncheck.com/xdb/353be747e705
• https://github.com/dshabani96/CVE-2024-21413
• https///github.com:dshabani96/CVE-2024-21413.git
• https://vulncheck.com/xdb/9d1931bf8b43
• https://github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• https///github.com:ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability.git
• https://vulncheck.com/xdb/38f03d75ef65
• https://github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• https///github.com:Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability.git
• https://vulncheck.com/xdb/f843c9fab927
• https://github.com/MSeymenD/CVE-2024-21413
• https///github.com:MSeymenD/CVE-2024-21413.git
• https://vulncheck.com/xdb/b009e7e8de7f
• https://github.com/CMNatic/CVE-2024-21413
• https///github.com:CMNatic/CVE-2024-21413.git
• https://vulncheck.com/xdb/e5743c4aa3d6
• https://github.com/r00tb1t/CVE-2024-21413-POC
• https///github.com:r00tb1t/CVE-2024-21413-POC.git
• https://vulncheck.com/xdb/bf0ad298ff8b
• https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
• https///github.com:xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability.git
• https://vulncheck.com/xdb/4424d059b825
• https://github.com/duy-31/CVE-2024-21413
• https///github.com:duy-31/CVE-2024-21413.git

KEV: True

Shodan Query: NA

Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.

Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.

You can check the FAQ for the Nuclei Templates Community Rewards Program here.