if not task.file.msg_data or not isinstance(task.file.msg_data, AppointmentMeeting):
26
+
27
+
report.status = Status.NOTAPPLICABLE
28
+
29
+
return
30
+
31
+
self.logger.debug(f'analysing AppontmentMeeting in {task.file.path}...')
32
+
33
+
if task.file.msg_data.reminderFileParameter is not None:
34
+
35
+
report.status = Status.ALERT
36
+
37
+
# suspicious for cve-2023-23397: https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
38
+
39
+
report.add_details('CVE-2023-23397', f'A parameter used to exploit this vulnerability is present in the mail: "{task.file.msg_data.reminderFileParameter}"')
40
+
41
+
[Based on Pandora Framework](https://github.com/pandora-analysis/pandora/blob/0dd6b01956b0501c28e4a7c1128298dcd6a499b8/pandora/workers/outlookmsg.py)