CVE-2023-23397

GPTKB entity

Statements (29)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:affectedVersions Microsoft Outlook 2013
Microsoft Outlook 2016
Microsoft Outlook 2019
Microsoft Outlook for Microsoft 365
gptkbp:affects gptkb:Microsoft_Outlook
gptkbp:describes A critical privilege escalation vulnerability in Microsoft Outlook that allows attackers to steal NTLM hashes via specially crafted emails.
gptkbp:discoveredBy gptkb:CERT-UA
Microsoft Threat Intelligence
gptkbp:exploits true
gptkbp:hasCVSSScore 9.8
gptkbp:hasCWE gptkb:CWE-287
gptkbp:hasSeverity Critical
https://www.w3.org/2000/01/rdf-schema#label CVE-2023-23397
gptkbp:impact credential theft
authentication bypass
gptkbp:patchedBy Microsoft Patch Tuesday March 2023
gptkbp:publicationDate 2023-03-14
gptkbp:requiresNetworkAccess true
gptkbp:requiresUserInteraction false
gptkbp:vectorFor email
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
remotely exploitable
gptkbp:vulnerableTo gptkb:CVE-2023-23397
gptkb:NTLM_relay
privilege escalation
gptkbp:bfsParent gptkb:APT3
gptkb:ICEDCOFFEE_backdoor
gptkbp:bfsLayer 7