crash.software
Projects
Pull Requests
Issues
Builds
CVE-2023-23397_EXPLOIT_0DAY
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY CVE-2023-23397_EXPLOIT_0DAY Commits 75ce155e
🤬
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 6 lines
    7 7   #!/usr/bin/env python3
    8 8  
    9 9   from extract_msg import AppointmentMeeting
    10  -
    11 10   from ..helpers import Status
    12  -
    13 11   from ..task import Task
    14  -
    15 12   from ..report import Report
    16  -
    17 13   from .base import BaseWorker
    18  -
    19 14   class OutlookMSG(BaseWorker):
    20  -
    21 15   def analyse(self, task: Task, report: Report, manual_trigger: bool=False):
    22  -
    23 16   print(task.file.msg_data)
    24  -
    25 17   if not task.file.msg_data or not isinstance(task.file.msg_data, AppointmentMeeting):
    26  -
    27 18   report.status = Status.NOTAPPLICABLE
    28  -
    29 19   return
    30  -
    31 20   self.logger.debug(f'analysing AppontmentMeeting in {task.file.path}...')
    32  -
    33 21   if task.file.msg_data.reminderFileParameter is not None:
    34  -
    35 22   report.status = Status.ALERT
    36  -
    37 23   # suspicious for cve-2023-23397: https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
    38  -
    39 24   report.add_details('CVE-2023-23397', f'A parameter used to exploit this vulnerability is present in the mail: "{task.file.msg_data.reminderFileParameter}"')
    40 25   
    41 26  [Based on Pandora Framework](https://github.com/pandora-analysis/pandora/blob/0dd6b01956b0501c28e4a7c1128298dcd6a499b8/pandora/workers/outlookmsg.py)
    skipped 2 lines
Please wait...
Page is in error, reload to recover