Zero-Click Outlook RCE Exploitation Chain in Windows
Zero-Click Outlook RCE Exploitation Chain in Windows
Summary:
Two vulnerabilities (CVE-2023-35384 and CVE-2023-36710) in Microsoft Windows can be chained to achieve remote code execution (RCE) on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a malicious audio file from a remote server.
Threat Level – Red | Vulnerability Report
For a detailed threat advisory, download the pdf file here
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.