Exploit for Authentication Bypass by Capture-replay in Microsoft CVE-2023-23397

Name: Exploit for Authentication Bypass by Capture-replay in Microsoft CVE-2023-23397
Rating: 5 (174 reviews)

2023-03-17 | CVSS 7.5

## https://sploitus.com/exploit?id=7B2CF65C-A651-5E4A-968F-E9B917318164
# CVE-2023-23397-POC
Exploit POC for CVE-2023-23397

Appointment.cs : the modified file from https://github.com/Sicos1977/MsgKit/blob/master/MsgKit/Appointment.cs

Exploit.cs  : the code i used to replicate creating the malicious appointment . i modified the code picture in MDSEC article here : https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/

MsgKit.dll : the compiled library from https://github.com/Sicos1977/MsgKit/blob/master/MsgKit which you need to modify to make the exploit work

this POC created for research purposes and am not responsible for any malicious use.