Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-23397— Microsoft Outlook Elevation of Privilege Vulnerability

CVSS 9.8 · Critical KEV EPSS 93.40% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-23397

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Microsoft Outlook Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Microsoft Outlook Elevation of Privilege Vulnerability
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Outlook 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook存在安全漏洞。以下产品和版本受到影响:Microsoft Office LTSC 2021 for 32-bit editions,Microsoft Outlook 2016 (32-bit edition),Microsoft Office LTSC 2021 for 64-bit editions,Microsoft 365 Apps for Enterprise for
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
MicrosoftMicrosoft Office LTSC 2021 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Outlook 2016 16.0.0.0 ~ 16.0.5387.1000 -
MicrosoftMicrosoft 365 Apps for Enterprise 16.0.1 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Office 2019 19.0.0 ~ https://aka.ms/OfficeSecurityReleases -
MicrosoftMicrosoft Outlook 2013 Service Pack 1 15.0.0.0 ~ 15.0.5537.1000 -

II. Public POCs for CVE-2023-23397

#POC DescriptionSource LinkShenlong Link
1Exploit for the CVE-2023-23397https://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAYPOC Details
2Nonehttps://github.com/j0eyv/CVE-2023-23397POC Details
3CVE-2023-23397 - Microsoft Outlook Vulnerabilityhttps://github.com/alicangnll/CVE-2023-23397POC Details
4Python script to create a message with the vulenrability properties sethttps://github.com/grn-bogo/CVE-2023-23397POC Details
5Simple PoC in PowerShell for CVE-2023-23397https://github.com/ka7ana/CVE-2023-23397POC Details
6Nonehttps://github.com/api0cradle/CVE-2023-23397-POC-PowershellPOC Details
7CVE-2023-23397 Remediation Script (Powershell)https://github.com/im007/CVE-2023-23397POC Details
8PoC for CVE-2023-23397https://github.com/cleverg0d/CVE-2023-23397-PoC-PowerShellPOC Details
9Exploit POC for CVE-2023-23397https://github.com/ahmedkhlief/CVE-2023-23397-POCPOC Details
10Generates meeting requests taking advantage of CVE-2023-23397. This requires the outlook thick client to send.https://github.com/BillSkiCO/CVE-2023-23397_EXPLOITPOC Details
11Nonehttps://github.com/djackreuter/CVE-2023-23397-PoCPOC Details
12CVE-2023-23397 C# PoC https://github.com/moneertv/CVE-2023-23397POC Details
13Nonehttps://github.com/ahmedkhlief/CVE-2023-23397-POC-Using-Interop-OutlookPOC Details
14Simple PoC of the CVE-2023-23397 vulnerability with the payload sent by email.https://github.com/Trackflaw/CVE-2023-23397POC Details
15Patch for MS Outlook Critical Vulnerability - CVSS 9.8https://github.com/SecCTechs/CVE-2023-23397POC Details
16Proof of Concept for CVE-2023-23397 in Pythonhttps://github.com/tiepologian/CVE-2023-23397POC Details
17Python script for sending e-mails with CVE-2023-23397 payload using SMTPhttps://github.com/BronzeBee/cve-2023-23397POC Details
18Nonehttps://github.com/stevesec/CVE-2023-23397POC Details
19An exploitation demo of Outlook Elevation of Privilege Vulnerabilityhttps://github.com/madelynadams9/CVE-2023-23397-ReportPOC Details
20CVE-2023-23397 powershell patch script for Windows 10 and 11 https://github.com/Zeppperoni/CVE-2023-23397-PatchPOC Details
21Nonehttps://github.com/jacquesquail/CVE-2023-23397POC Details
22CVE-2023-23397漏洞的简单PoC,有效载荷通过电子邮件发送。https://github.com/CKevens/CVE-2023-23397-POCPOC Details
23CVE-2023-23397 PoChttps://github.com/vlad-a-man/CVE-2023-23397POC Details
24Nonehttps://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397POC Details
25This script exploits CVE-2023-23397, a Zero-Day vulnerability in Microsoft Outlook, allowing the generation of malicious emails for testing and educational purposes.https://github.com/Pushkarup/CVE-2023-23397POC Details
26Nonehttps://github.com/ducnorth2712/CVE-2023-23397POC Details
27C implementation of Outlook 0-click vulnerabilityhttps://github.com/alsaeroth/CVE-2023-23397-POCPOC Details
28Proof of Work of CVE-2023-23397 for vulnerable Microsoft Outlook client application.https://github.com/TheUnknownSoul/CVE-2023-23397-PoWPOC Details
29An exploitation demo of Outlook Elevation of Privilege Vulnerabilityhttps://github.com/Cyb3rMaddy/CVE-2023-23397-ReportPOC Details
30CVE-2023-23397漏洞的简单PoC,有效载荷通过电子邮件发送。https://github.com/3yujw7njai/CVE-2023-23397-POCPOC Details
31CVE-2023-23397: Remote Code Execution Vulnerability in Microsoft Outlookhttps://github.com/Symbolexe/CVE-2023-23397POC Details
32C implementation of Outlook 0-click vulnerabilityhttps://github.com/sarsaeroth/CVE-2023-23397-POCPOC Details
33Nonehttps://github.com/shaolinsec/CVE-2023-23397POC Details
34CVE-2023-23397漏洞的简单PoC,有效载荷通过电子邮件发送。https://github.com/AiK1d/CVE-2023-23397-POCPOC Details
35Demonstration of CVE-2023-23397 Outlook Privellege Escalation vulnerabilityhttps://github.com/Agentgilspy/CVE-2023-23397POC Details
36Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E5%85%B6%E4%BB%96%E6%BC%8F%E6%B4%9E/Microsoft%20Outlook%20%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E%20CVE-2023-23397.mdPOC Details
37Demonstration of CVE-2023-23397 Outlook Privellege Escalation vulnerabilityhttps://github.com/Gilospy/CVE-2023-23397POC Details
38CVE-2023-23397漏洞的简单PoC,有效载荷通过电子邮件发送。https://github.com/P4x1s/CVE-2023-23397-POCPOC Details
39Two POCs I created for the CVE-2023-23397 Outlook NTLM vulnerability, to be used internally.https://github.com/Phaedrik/CVE-2023-23397-POCPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-23397

登录查看更多情报信息。

Same Patch Batch · Microsoft · 2023-03-14 · 74 CVEs total

CVE-2023-234159.8 CRITICALInternet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVE-2023-233929.8 CRITICALHTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2023-217089.8 CRITICALRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-234038.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-249078.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-248678.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-234138.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-248688.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-249098.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-234068.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-248718.8 HIGHWindows Bluetooth Service Remote Code Execution Vulnerability
CVE-2023-249138.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-248728.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-233888.8 HIGHWindows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-248768.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-248648.8 HIGHMicrosoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
CVE-2023-233838.2 HIGHService Fabric Explorer Spoofing Vulnerability
CVE-2023-248928.2 HIGHMicrosoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVE-2023-234058.1 HIGHRemote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-248698.1 HIGHRemote Procedure Call Runtime Remote Code Execution Vulnerability

Showing top 20 of 74 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Microsoft Office LTSC 2021
Same vendor: Microsoft
Same weakness: CWE-20

V. Comments for CVE-2023-23397

No comments yet

Leave a comment