Statements (29)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:security
|
gptkbp:affectedVersions |
Microsoft Outlook 2013
Microsoft Outlook 2016 Microsoft Outlook 2019 Microsoft Outlook for Microsoft 365 |
gptkbp:affects |
gptkb:Microsoft_Outlook
|
gptkbp:describes |
A critical privilege escalation vulnerability in Microsoft Outlook that allows attackers to steal NTLM hashes via specially crafted emails.
|
gptkbp:discoveredBy |
gptkb:CERT-UA
Microsoft Threat Intelligence |
gptkbp:exploits |
true
|
gptkbp:hasCVSSScore |
9.8
|
gptkbp:hasCWE |
gptkb:CWE-287
|
gptkbp:hasSeverity |
Critical
|
https://www.w3.org/2000/01/rdf-schema#label |
CVE-2023-23397
|
gptkbp:impact |
credential theft
authentication bypass |
gptkbp:patchedBy |
Microsoft Patch Tuesday March 2023
|
gptkbp:publicationDate |
2023-03-14
|
gptkbp:requiresNetworkAccess |
true
|
gptkbp:requiresUserInteraction |
false
|
gptkbp:vectorFor |
email
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N remotely exploitable |
gptkbp:vulnerableTo |
gptkb:CVE-2023-23397
gptkb:NTLM_relay privilege escalation |
gptkbp:bfsParent |
gptkb:APT3
gptkb:ICEDCOFFEE_backdoor |
gptkbp:bfsLayer |
7
|