if not task.file.msg_data or not isinstance(task.file.msg_data, AppointmentMeeting):
26
-
27
18
report.status = Status.NOTAPPLICABLE
28
-
29
19
return
30
-
31
20
self.logger.debug(f'analysing AppontmentMeeting in {task.file.path}...')
32
-
33
21
if task.file.msg_data.reminderFileParameter is not None:
34
-
35
22
report.status = Status.ALERT
36
-
37
23
# suspicious for cve-2023-23397: https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
38
-
39
24
report.add_details('CVE-2023-23397', f'A parameter used to exploit this vulnerability is present in the mail: "{task.file.msg_data.reminderFileParameter}"')
40
25
41
26
[Based on Pandora Framework](https://github.com/pandora-analysis/pandora/blob/0dd6b01956b0501c28e4a7c1128298dcd6a499b8/pandora/workers/outlookmsg.py)