漏洞描述
由于在Outlook客户端程序中使用了不安全的MkParseDisplayName API 函数,当打开带有恶意链接的电子邮件时,可以绕过 Office受保护的视图并在编辑模式打开恶意文件。利用此漏洞可远程获取NTLM 凭据信息,或者结合其他漏洞(CVE-2023-21716等)可实现远程执行任意代码。
Microsoft-Outlook远程代码执行漏洞CVE-2024-21413
PoC代码
暂无相关漏洞推荐
- POC sharepoint-lists-api-disclosure: Microsoft SharePoint - List API Disclosure
- POC sharepoint-layouts-disclosure: Microsoft SharePoint - Layouts Disclosure
- POC sharepoint-masterpage-disclosure: Microsoft SharePoint - Master Page Disclosure
- POC sharepoint-site-metadata-disclosure: Microsoft SharePoint - Site Metadata Disclosure
- POC sharepoint-sitepages-disclosure: Microsoft SharePoint - Site Pages Disclosure
- POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- (CVE-2025-53770)Microsoft SharePoint Server反序列化漏洞允许远程代码执行
- Microsoft Web Deploy 需授权 反序列化漏洞 可导致任意代码执行
- POC CVE-2019-0604: Microsoft SharePoint - Remote Code Execution
- POC CVE-2020-0646: Microsoft .NET Framework - Remote Code Execution
- POC CVE-2000-0114: Microsoft FrontPage Extensions - Information Disclosure
- POC CVE-2008-1547: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
- POC CVE-2015-1635: Microsoft Windows 'HTTP.sys' - Remote Code Execution