Statements (29)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:security
|
| gptkbp:affectedVersions |
Microsoft Outlook 2013
Microsoft Outlook 2016 Microsoft Outlook 2019 Microsoft Outlook for Microsoft 365 |
| gptkbp:affects |
gptkb:Microsoft_Outlook
|
| gptkbp:describes |
A critical privilege escalation vulnerability in Microsoft Outlook that allows attackers to steal NTLM hashes via specially crafted emails.
|
| gptkbp:discoveredBy |
gptkb:CERT-UA
Microsoft Threat Intelligence |
| gptkbp:exploits |
true
|
| gptkbp:hasCVSSScore |
9.8
|
| gptkbp:hasCWE |
gptkb:CWE-287
|
| gptkbp:hasSeverity |
Critical
|
| gptkbp:impact |
credential theft
authentication bypass |
| gptkbp:patchedBy |
Microsoft Patch Tuesday March 2023
|
| gptkbp:publicationDate |
2023-03-14
|
| gptkbp:requiresNetworkAccess |
true
|
| gptkbp:requiresUserInteraction |
false
|
| gptkbp:vectorFor |
email
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N remotely exploitable |
| gptkbp:vulnerableTo |
gptkb:CVE-2023-23397
gptkb:NTLM_relay privilege escalation |
| gptkbp:bfsParent |
gptkb:APT3
gptkb:ICEDCOFFEE_backdoor |
| gptkbp:bfsLayer |
7
|
| https://www.w3.org/2000/01/rdf-schema#label |
CVE-2023-23397
|