Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-21378 PoC — Microsoft Outlook Remote Code Execution Vulnerability

Source
https://github.com/d0rb/CVE-2024-21378
Associated Vulnerability
Title:Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21378)
Description:Microsoft Outlook Remote Code Execution Vulnerability
Description
This repository contains an exploit for targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit utilizes a modified version of Ruler to send a malicious form as an email, triggering the execution upon user interaction within the Outlook thick client.
Readme
<div align="center">
    
 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**

🛡️ CVE-2024-21378

This repository contains an exmple of an exploit for targeting Microsoft Outlook through Exchange Online, leveraging a vulnerability to execute arbitrary code via COM DLLs. The exploit utilizes a modified version of Ruler to send a malicious form as an email, triggering the execution upon user interaction within the Outlook thick client.
Exploit Overview

The exploit works by obtaining access tokens via device code phishing/vishing, then crafting a COM compliant DLL that is sent as a form attachment using Ruler. The user interaction within Outlook is required to trigger the form execution, leading to the loading of the malicious DLL into the Outlook process.
Instructions

    Obtain refresh tokens via device code phishing/vishing.
    Compile a COM DLL containing the desired code.
    Modify the provided Python script with the target URL, access token, recipient email, DLL path, and CLSID.
    Run the Python script to send the malicious form to the target Outlook account.
    Wait for the user to interact with the email in the Outlook client to trigger the execution.

Requirements

    Python 3.x
    Requests library (pip install requests)

Disclaimer

This exploit is for educational purposes only. Misuse of this tool may violate laws and regulations. Use responsibly and only on systems you are authorized to test.
</div>
File Snapshot

 [4.0K]  /data/pocs/cae5a9b570dc4c51be781483ead1f5f99bc7ff2d
├── [ 912]  CVE-2024-21378.py
└── [1.7K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →