CVE-2024-21413 · CISA KEV: Actively Exploited

Microsoft Outlook Improper Input Validation Vulnerability

Published Feb 6, 2025 · Updated Feb 6, 2025

Description

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Public Exploits & PoCs (27 found)

PoC: CVE-2024-21413

CVE-2024-21413 exploit

2

PoC: CVE-2024-21413-POC

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - CVE-2024-21413 POC

1

[POC] GHSA-3mgp-fx93-9xv5 — Blind-Trust-CVE-2024-21413-Research

A security research tool for simulating targeted phishing campaigns using CVE-2024-21413 (Moniker Link).

PoC: monikerlinktest

cve-2024-21413

PoC: Estudo-de-Caso-CVE-2024-21413

A case study of CVE-2024-21413. The TryHackMe room Moniker Link (CVE-2024-21413) was used as the reference. Edits to the exploit were made with Claude Code.

PoC: HTB-Mailing-A-Complete-Walkthrough

If you've been grinding through HackTheBox machines, Mailing is one of those boxes that genuinely teaches you something. It's rated Easy, runs on Windows, and chains together a few real-world vulnerabilities — a directory traversal, a credential leak, CVE-2024-21413, and a LibreOffice macro exploit. Let's walk through it step by step.

PoC: Moniker-Link-Lab-Setup

Penetration testing lab demonstrating CVE-2024-21413 moniker link exploitation for NTLM credential theft, including attack execution, hash cracking, and defensive countermeasures

PoC: lab-SMB-responder-CVE-2024-21413

Lab created for pentesting the vulnerability CVE 2024-214113 (MONIKER LINK)

PoC: CVE-2024-21413-Moniker-Link-Writeup

Technical write-up on CVE-2024-21413 (Moniker Link vulnerability)

PoC: THM---CVE-2024-21413-Moniker-Link-Microsoft-Outlook-

On February 13, 2024, Microsoft published a severe security vulnerability in Microsoft Outlook, which was assigned the identifier CVE-2024-21413 and is known as the Moniker Link Vulnerability. The vulnerability allows an attacker to bypass Outlook's Protected View mechanism

PoC: CVE-2024-21413

Outlook exploitation

PoC: Moniker-Link-CVE-2024-21413-

On February 13th, 2024, Microsoft announced a Microsoft Outlook RCE & credential leak vulnerability with the assigned CVE of CVE-2024-21413 (Moniker Link). Haifei Li of Check Point Research is credited with discovering the vulnerability. The vulnerability bypasses Outlook's security mechanisms when handling a specific type of hyperlink.

PoC: CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability-PoC

This repository contains research notes and a high-level proof-of-concept (PoC) for CVE-2024-21413, a vulnerability observed in certain mail clients when handling SMB/moniker-style links embedded in messages. The PoC and experiments documented here were performed in a controlled lab environment on systems.

PoC: Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413

The project was created to demonstrate the use of various tools for capturing NTLM hashes from users on a network and for executing phishing attacks using email. This showcases how network authentication vulnerabilities and phishing methods can be exploited to compromise systems.

PoC: CVE-2024-21413

CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC

PoC: CVE-2024-21413

Microsoft Outlook Remote Code Execution Vulnerability.

PoC: CVE-2024-21413

This is a mailer that uses a console prompt to exploit this vulnerability

PoC: CVE-2024-21413

CVE-2024-21413 PoC

PoC: CVE-2024-21413

This script is a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Windows Outlook with a critical CVSS score of 9.8. Named the #MonikerLink bug, this vulnerability allows an attacker to execute arbitrary code remotely on the victim's machine, making it a full-fledged RCE.

PoC: CVE-2024-21413-Microsoft-Outlook-RCE-Exploit

CVE-2024-21413 Microsoft Outlook RCE Exploit

PoC: SVPT_CW_2

CVE-2024-21413 Setup for CW

PoC: CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

This script provides a proof of concept (PoC) for CVE-2024-21413, a significant security vulnerability discovered in Microsoft Outlook with a CVSS score of 9.8. This vulnerability, called the MonikerLink bug, has wide-ranging impact, including the potential leak of local NTLM information and the possibility of remote code execution.

PoC: CVE-2024-21413

Obtaining Login Credentials Using the CVE-2024-21413 Vulnerability

PoC: CVE-2024-21413

CVE-2024-21413 PoC for THM Lab

PoC: CVE-2024-21413

Microsoft Outlook Information Disclosure Vulnerability (leak password hash)

PoC: CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability

Microsoft-Outlook-Remote-Code-Execution-Vulnerability

PoC: CVE-2024-21413

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
