CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
In short
A critical flaw in Microsoft Outlook allows attackers to execute arbitrary code on your computer by sending a specially crafted email message. This vulnerability requires no user interaction beyond opening the email and can completely compromise your system.
Technical detail
A CWE-20 input validation vulnerability in Microsoft Outlook's email parsing mechanism enables unauthenticated remote code execution when Outlook processes maliciously crafted email content. The attack vector is network-based and requires no privileges; exploitation occurs during email parsing and leads to arbitrary code execution in the context of the Outlook process.
Summary generated and translated by AI from the official description.
Microsoft Outlook Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft 365 Apps for Enterprise
Microsoft · Microsoft Office 2016
Microsoft · Microsoft Office 2019
Microsoft · Microsoft Office LTSC 2021
public PoCs found — 35
github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability ★ 765
github.com/CMNatic/CVE-2024-21413 ★ 257
github.com/duy-31/CVE-2024-21413 ★ 157
github.com/ThemeHackers/CVE-2024-21413 ★ 25
github.com/r00tb1t/CVE-2024-21413-POC ★ 17
github.com/mmathivanan17/CVE-2024-21413 ★ 11
github.com/Mdusmandasthaheer/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability ★ 5
github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB ★ 4
github.com/ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability ★ 4
github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit ★ 2
github.com/gurleen-147/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability-PoC ★ 2
github.com/dshabani96/CVE-2024-21413 ★ 2
github.com/PolarisXSec/CVE-2024-21413 ★ 1
github.com/Redfox-Security/Unveiling-Moniker-Link-CVE-2024-21413-Navigating-the-Latest-Cybersecurity-Landscape ★ 0
github.com/olebris/CVE-2024-21413 ★ 0
github.com/ShubhamKanhere307/CVE-2024-21413 ★ 0
github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 ★ 0
github.com/th3Hellion/CVE-2024-21413 ★ 0
github.com/MQKGitHub/Moniker-Link-CVE-2024-21413 ★ 0
github.com/yass2400012/Email-exploit-Moniker-Link-CVE-2024-21413- ★ 0
github.com/KartheekKandalam99/SVPT_CW_2 ★ 0
github.com/hau2212/Moniker-Link-CVE-2024-21413- ★ 0
github.com/MSeymenD/CVE-2024-21413 ★ 0
github.com/eylommaayan/THM---CVE-2024-21413-Moniker-Link-Microsoft-Outlook- ★ 0
github.com/ViniciusFariasDev/cve-2024-21413-outlook-monikerlink-lab ★ 0
github.com/dionissh/CVE-2024-21413 ★ 0
github.com/securenetexpert/CVE-2024-21413-Moniker-Link-Writeup ★ 0
github.com/SallocinAvalcante/lab-SMB-responder-CVE-2024-21413 ★ 0
github.com/E-m-e-k-a/Moniker-Link-Lab-Setup ★ 0
github.com/TheMursalin/HTB-Mailing-A-Complete-Walkthrough ★ 0
github.com/pedro-lucas-melo/Estudo-de-Caso-CVE-2024-21413 ★ 0
github.com/FathanahHidayati/https-github.com-xaitax-CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability ★ 0
github.com/bhatbhupendra/Moniker-Link--CVE-2024-21413- ★ 0
github.com/KaiHaoChen04/monikerlinktest ★ 0
github.com/Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21413
https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-detection-script
https://www.vicarius.io/vsociety/posts/cve-2024-21413-critical-monikerlink-vulnerability-affecting-microsoft-outlook-mitigation-script