Zero-Click Outlook RCE Exploitation Chain in Windows

Threat Level – Red | Vulnerability Report
Download PDF

Two vulnerabilities (CVE-2023-35384 and CVE-2023-36710) in Microsoft Windows can be chained to achieve remote code execution (RCE) on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a malicious audio file from a remote server.

Threat Level – Red | Vulnerability Report

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox