3 matches found
Zero-Click Outlook RCE Exploitation Chain in Windows
Summary: Two vulnerabilities CVE-2023-35384 and CVE-2023-36710 in Microsoft Windows can be chained to achieve remote code execution RCE on vulnerable Outlook clients. Attackers can exploit these flaws by sending a crafted email with a custom notification sound file to trigger the download of a...
CVE-2023-36710
CVE-2023-36710 is a Windows Media Foundation Core Remote Code Execution vulnerability. The connected sources describe a two-step chain: a WAV file processing flaw in Windows Media Foundation allows two out-of-bounds writes, which an attacker can trigger via a specially crafted WAV played as part ...
CVE-2023-36710 Windows Media Foundation Core Remote Code Execution Vulnerability
...