Outlook suffers from a lack of control over the user input that allows to configure the sound of a meeting and appointment reminder. An attacker is able to force a victim to make a connection to its server without any manipulation from the user (zero click vulnerability).
An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request. The request is triggered as soon as the mail arrives in the inbox.
Most POC will automatically display the meeting, this POC saves the item for storage that can be sent later.