KEVIntel
9.8
CVSS
Critical

CVE-2024-21413

PUBLISHED

Microsoft Outlook Remote Code Execution Vulnerability

Exploited in the wild · PoC available · Remote · Low complexity · No user interaction
Vendor: Microsoft
Product: Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016
Published: Feb 13, 2024
EPSS

Description

Microsoft Outlook Remote Code Execution Vulnerability

cisa microsoft nessus_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Exploitation status

Exploited in the wild

Recorded 2025-02-06 00:00:00 UTC · Source

Proof of concept available

Recorded 2024-08-31 13:18:43 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Feb 06, 2025

Scanner integrations

Scanner Reference Detected
Nessus https://www.tenable.com/plugins/nessus/190541 Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB

github · Created 2024-12-04 10:26:37 UTC · 2 stars

ThemeHackers/CVE-2024-21413

github · Created 2024-08-31 13:18:43 UTC · 13 stars

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit

github · Created 2024-05-03 16:09:54 UTC · 2 stars

CVE-2024-21413 Microsoft Outlook RCE Exploit

dshabani96/CVE-2024-21413

github · Created 2024-02-29 10:07:34 UTC · 2 stars

ahmetkarakayaoffical/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

github · Created 2024-02-23 12:13:11 UTC · 4 stars

This script provides a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS score of 9.8. Referred to as the MonikerLink bug, this vulnerability has far-reaching impacts, including the potential leak of local NTLM credentials and the possibility of remote code execution.

CMNatic/CVE-2024-21413

github · Created 2024-02-17 14:52:52 UTC · 87 stars

CVE-2024-21413 PoC for THM Lab

r00tb1t/CVE-2024-21413-POC

github · Created 2024-02-16 21:10:31 UTC · 16 stars

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC

xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

github · Created 2024-02-16 15:17:59 UTC · 726 stars

Microsoft-Outlook-Remote-Code-Execution-Vulnerability

duy-31/CVE-2024-21413

github · Created 2024-02-15 19:57:38 UTC · 154 stars

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nessus