{"uuid": "be1bff20-c51f-4646-9915-d5d11648f64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-21378", "type": "published-proof-of-concept", "source": "https://t.me/theninjaway1337/1422", "content": "CVE-2024-21378 \u2014 Remote Code Execution in Microsoft Outlook\u00a0\n\nIn 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered\u00a0CVE-2024-21378\u00a0and weaponized it by modifying\u00a0Ruler,\u00a0an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.\n\nhttps://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/", "creation_timestamp": "2024-03-13T03:05:20.000000Z"}