NetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchronized form objects. By manipulating a configuration file, attackers can automatically register and instantiate a custom form, specifying a malicious executable as the form server, which bypasses Outlook's faulty allow-listing mechanism, enabling remote code execution on the […]
The post 0-Click Outlook RCE Vulnerability Triggered When Email is Clicked – Technical Analysis appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.