Summary
This article describes a vulnerability (CVE-2024-21378) in Microsoft Outlook that allowed attackers to execute arbitrary code on a victim’s computer. The vulnerability existed due to improper handling of form objects and registry keys.
Highlights
- Attackers could create a malicious form and send it to the victim’s mailbox.
- When the victim opened the form, the form would exploit the vulnerability to install a malicious DLL on the victim’s computer.
- The DLL could then be loaded by Outlook, allowing the attacker to execute arbitrary code.
- This vulnerability could be exploited by attackers with compromised credentials.
- Microsoft has released a patch to fix this vulnerability (CVE-2024-21378).