    README.md
    skipped 1 lines
    2 2  Exploit for the CVE-2023-23397
    3 3  Credit to domchell
    4 4   
     5 +EML/MSG Checker for the exploit:
     6 + 
     7 + #!/usr/bin/env python3
     8 +
     9 + from extract_msg import AppointmentMeeting
     10 +
     11 + from ..helpers import Status
     12 +
     13 + from ..task import Task
     14 +
     15 + from ..report import Report
     16 +
     17 + from .base import BaseWorker
     18 +
     19 + class OutlookMSG(BaseWorker):
     20 +
     21 + def analyse(self, task: Task, report: Report, manual_trigger: bool=False):
     22 +
     23 + print(task.file.msg_data)
     24 +
     25 + if not task.file.msg_data or not isinstance(task.file.msg_data, AppointmentMeeting):
     26 +
     27 + report.status = Status.NOTAPPLICABLE
     28 +
     29 + return
     30 +
     31 + self.logger.debug(f'analysing AppontmentMeeting in {task.file.path}...')
     32 +
     33 + if task.file.msg_data.reminderFileParameter is not None:
     34 +
     35 + report.status = Status.ALERT
     36 +
     37 + # suspicious for cve-2023-23397: https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
     38 +
     39 + report.add_details('CVE-2023-23397', f'A parameter used to exploit this vulnerability is present in the mail: "{task.file.msg_data.reminderFileParameter}"')
     40 + 
     41 +[Based on Pandora Framework](https://github.com/pandora-analysis/pandora/blob/0dd6b01956b0501c28e4a7c1128298dcd6a499b8/pandora/workers/outlookmsg.py)
     42 + 
     43 + 
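Review bot: the checker added at README lines 7-39 is pasted as plain text with no code fence, so the class and method bodies have lost their indentation and the snippet is not valid Python as shown; wrap it in a fenced python block with the indentation from the linked Pandora file restored. The relative imports (`from ..helpers import Status`, `from .base import BaseWorker`) only resolve inside the Pandora package, so the README should state that this worker runs within Pandora and is not a standalone script despite the shebang on line 7. Line 23 leaves a debug `print(task.file.msg_data)` in place, which should be dropped or routed through `self.logger.debug`, and the log string on line 31 misspells the class name as `AppontmentMeeting`. The check on line 33 alerts on any non-None `reminderFileParameter` without inspecting its value, so a sentence saying that the alert indicates presence of the property only would help readers interpret a hit.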