CVE-2023-35636

Published: 12/12/2023 Updated: 14/12/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Microsoft Outlook Information Disclosure Vulnerability

Vulnerable Product

microsoft office 2019

microsoft 365 apps -

microsoft office 2016

microsoft office long term servicing channel 2021

Github Repositories

This repo contains all my personal Sublime Security detection rules.

Sublime Detection Rules

Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC

CVE-2023-35636 is an exploit of the calendar sharing function in Microsoft Outlook, whereby adding two headers to an email directs Outlook to share content and contact a designated machine, creating an opportunity to intercept an NTLM v2 hash. Run a responder with SMB ser

Recent Articles

Microsoft pulls fix for Outlook bug behind ICS security alerts
BleepingComputer • Sergiu Gatlan • 23 Apr 2024

Microsoft has rolled back a fix for a known Outlook issue that was causing incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates. Affected Microsoft 365 users are seeing unexpected warnings that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when double-clicking ICS files...

Microsoft fixes Outlook security alerts bug caused by December updates
BleepingComputer • Sergiu Gatlan • 04 Apr 2024

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updates. The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes v...