CVE-2023-23397

Microsoft Outlook Elevation of Privilege Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: January 11, 2023
Published Date: March 14, 2023
Last Updated: February 04, 2025
Vendor: Microsoft
Product: Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1
Description: Microsoft Outlook Elevation of Privilege Vulnerability

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2023-03-14 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2023-03-17 03:38:50 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-03-14 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Pushkarup/CVE-2023-23397

Type: github • Created: 2023-10-26 09:26:32 UTC • Stars: 3

This script exploits CVE-2023-23397, a Zero-Day vulnerability in Microsoft Outlook, allowing the generation of malicious emails for testing and educational purposes.

Muhammad-Ali007/OutlookNTLM_CVE-2023-23397

Type: github • Created: 2023-07-14 22:02:55 UTC • Stars: 21

vlad-a-man/CVE-2023-23397

Type: github • Created: 2023-05-07 18:21:35 UTC • Stars: 6

CVE-2023-23397 PoC

AiK1d/CVE-2023-23397-POC

Type: github • Created: 2023-03-31 03:35:30 UTC • Stars: 3

CVE-2023-23397漏洞的简单PoC，有效载荷通过电子邮件发送。

tiepologian/CVE-2023-23397

Type: github • Created: 2023-03-21 18:38:00 UTC • Stars: 25

Proof of Concept for CVE-2023-23397 in Python

Trackflaw/CVE-2023-23397

Type: github • Created: 2023-03-20 16:31:54 UTC • Stars: 123

Simple PoC of the CVE-2023-23397 vulnerability with the payload sent by email.

ahmedkhlief/CVE-2023-23397-POC-Using-Interop-Outlook

Type: github • Created: 2023-03-19 08:07:58 UTC • Stars: 2

djackreuter/CVE-2023-23397-PoC

Type: github • Created: 2023-03-18 21:14:21 UTC • Stars: 9

BillSkiCO/CVE-2023-23397_EXPLOIT

Type: github • Created: 2023-03-17 17:35:14 UTC • Stars: 7

Generates meeting requests taking advantage of CVE-2023-23397. This requires the outlook thick client to send.

ahmedkhlief/CVE-2023-23397-POC

Type: github • Created: 2023-03-17 10:18:26 UTC • Stars: 6

Exploit POC for CVE-2023-23397

im007/CVE-2023-23397

Type: github • Created: 2023-03-17 03:38:50 UTC • Stars: 0

CVE-2023-23397 Remediation Script (Powershell)

api0cradle/CVE-2023-23397-POC-Powershell

Type: github • Created: 2023-03-16 19:43:39 UTC • Stars: 344

ka7ana/CVE-2023-23397

Type: github • Created: 2023-03-16 19:10:37 UTC • Stars: 40

Simple PoC in PowerShell for CVE-2023-23397

alicangnll/CVE-2023-23397

Type: github • Created: 2023-03-16 14:07:15 UTC • Stars: 3

CVE-2023-23397 - Microsoft Outlook Vulnerability

sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY

Type: github • Created: 2023-03-15 17:03:38 UTC • Stars: 161

Exploit for the CVE-2023-23397