Exploit for #VU73511 Information disclosure in Microsoft Outlook and Microsoft Office

Published: 2023-03-16 | Updated: 2024-11-22

Vulnerability identifier: #VU73511

Vulnerability risk: Critical

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-23397

CWE-ID: CWE-200

Exploitation vector: Network

Exploits in database: 7

November 22, 2024
- CVE-Vulnerability-Research (This repository focuses on exploring Common Vulnerabilities and Exposures (CVE), a standardized system for identifying and cataloging known cybersecurity vulnerabilities. It includes in-depth research on CVE impacts, exploitati [Github]
August 30, 2024
- CVE-2023-23397 (Simple PoC of the CVE-2023-23397 vulnerability with the payload sent by email.) [Github]
December 19, 2023
- CVE-2023-23397 (This script exploits CVE-2023-23397, a Zero-Day vulnerability in Microsoft Outlook, allowing the generation of malicious emails for testing and educational purposes.) [Github]
June 27, 2023
- CVE-2023-23397 (Simple PoC in PowerShell for CVE-2023-23397) [Github]
March 18, 2023
- CVE-2023-23397_EXPLOIT (Generates meeting requests taking advantage of CVE-2023-23397. This requires the outlook thick client to send.) [Github]
March 17, 2023
- CVE-2023-23397-POC (Exploit POC for CVE-2023-23397) [Github]
March 16, 2023
- CVE-2023-23397_EXPLOIT_0DAY (Exploit for the CVE-2023-23397) [Github]

Vulnerable software:
Microsoft Outlook
Client/Desktop applications / Office applications
Microsoft Office
Client/Desktop applications / Office applications

Vendor: Microsoft