There is no user interaction required to trigger this vulnerability. Once Outlook receives this message it initiates a NTLM authentication with this SMB share server. An attacker can send an email to the victim with an extended MAPI (Microsoft Outlook Messaging API) property with a UNC (Universal Naming Convention – A string format that specifies the location of a resource) path to an attacker-controlled SMB (TCP 445) share.
0 Comments
Leave a Reply. |