CVERadar

CVE-2024-21413

High Severity
Microsoft
SVRS: 50/100
CVSSv3: NA/10
EPSS: 0.93871/1

CVE-2024-21413 is a critical Microsoft Outlook Remote Code Execution Vulnerability. This flaw allows attackers to execute arbitrary code on a victim's system via Outlook. With an SVRS of 50, while not immediately critical, CVE-2024-21413 should be addressed promptly. Publicly available exploits and active exploitation "In The Wild" increase the risk. Successfully exploiting this vulnerability can lead to complete system compromise. This poses a significant threat to organizations reliant on Outlook for daily communications and data security. Prioritize patching based on the vendor's advisory and CISA's Known Exploited Vulnerabilities catalog to mitigate potential damage.

In The Wild
Exploit Available
Vendor-advisory
CISA KEV
2024-02-13

2025-03-10
SOCRadar AI Insight

Description:

CVE-2024-21413 is a critical vulnerability in Microsoft Outlook that allows remote code execution (RCE) when a user opens a specially crafted email. The vulnerability is caused by a buffer overflow in the way Outlook handles certain email attachments.

Key Insights:

  1. High Severity: The CVSS score of 9.8 and the SVRS of 58 indicate that this vulnerability is highly severe and poses a significant risk to organizations.
  2. Active Exploitation: The vulnerability is actively exploited in the wild, meaning that attackers are actively using it to target organizations.
  3. Threat Actors: Threat actors and APT groups are actively exploiting the vulnerability, making it even more critical for organizations to take immediate action.
  4. CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, urging organizations to take immediate and necessary measures to protect their systems.

Mitigation Strategies:

  1. Apply Software Updates: Organizations should immediately apply the latest security updates released by Microsoft to patch the vulnerability.
  2. Disable Preview Pane: Users should disable the preview pane in Outlook to reduce the risk of exploitation.
  3. Educate Users: Organizations should educate users about the vulnerability and advise them to be cautious when opening email attachments, especially from unknown senders.
  4. Implement Email Security Solutions: Organizations should implement email security solutions that can detect and block malicious emails before they reach users' inboxes.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Cyber-Trambon/CVE-2024-21413-exploit | https://github.com/Cyber-Trambon/CVE-2024-21413-exploit | 2025-02-10
DevAkabari/CVE-2024-21413 | https://github.com/DevAkabari/CVE-2024-21413 | 2024-02-28
olebris/CVE-2024-21413 | https://github.com/olebris/CVE-2024-21413 | 2024-06-28
ThemeHackers/CVE-2024-21413 | https://github.com/ThemeHackers/CVE-2024-21413 | 2024-08-31
ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 | https://github.com/ArtemCyberLab/Project-NTLM-Hash-Capture-and-Phishing-Email-Exploitation-for-CVE-2024-21413 | 2025-03-25
Microsoft Outlook Improper Input Validation Vulnerability | https://www.cisa.gov/search?g=CVE-2024-21413 | 2025-02-06
duy-31/CVE-2024-21413 | https://github.com/duy-31/CVE-2024-21413 | 2024-02-15

News

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Microsoft Threat Intelligence, 2025-04-09, microsoft.com
Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. The blog outlines several attacks prevented by AMSI integration and highlights recent enhancements. The blog also provides protection and mitigation guidance and how defenders can respond
Moniker Link (CVE-2024–21413) | TryHackMe | Write-Up by FarrosFR
Mochammad Farros Fatchur Roji, 2025-04-04, medium.com
Here is my write-up for the free room Moniker Link (CVE-2024–21413) in 2025, and I hope it will be useful for learning. This time, I will…
XE hacker group exploits VeraCore zero-day to deploy persistent web shells
Diego Cortes R., 2025-04-01, blogger.com
Threat actors have been observed exploiting multiple security flaws in several software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to launch reverse shells
[Update] Vulnerability in Microsoft Outlook (15 February 2024)
2025-04-01, ssi.gouv.fr
[Update of 15 March 2024] Added clarification regarding NTLM challenge-responses. [Update of 22 February 2024] Added recommendations and details on how the vulnerability works. The vulnerability CVE-2024-21413 allows an attacker to bypass security measures...
Avast Q1/2024 Threat Report
Threat Research Team, 2025-04-01, avast.io
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
MS Outlook flaw with CVSS 9.8 is under attack
Editorial staff, 2025-02-10, cisoadvisor.com.br
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the vulnerability CVE-2024-21413, in Microsoft Outlook, is being actively exploited in attacks. This critical flaw allows attackers to execute code remotely, bypassing Office Protected View protection and opening malicious documents directly in editing mode, without the need for any action […]
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Ajit Jasrotia, 2025-02-10, allhackernews.com
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as […]

Social Media

Day 92 of #100DaysOfCybersecurity @jay_hunts @segoslavia Explored the Moniker Link room on TryHackMe and learned about CVE-2024-21413, an Outlook vulnerability allowing NTLM hash leaks & RCE via malicious links. Tested it using Responder & a Python script with smtplib. https://t.co/tatLWHfGIo
Is your organization using Outlook? Is it up to date? It is a good practice to always use the latest versions of the apps. If not, be sure to always download security updates. There are versions of Outlook that are vulnerable to Moniker Link (CVE-2024-21413).
#Vulnerability #CVE202421413 CVE-2024-21413 (CVSS 9.8): Critical Outlook Flaw Under Active Attack, PoC Available https://t.co/9nSJAXD4kr
Microsoft: the critical Outlook security flaw CVE-2024-21413 allows remote arbitrary code execution. Warning from CISA. https://t.co/RAsPlhneWz #.Code Arbitraire à Distance #.Exploitation #.Faille #CISA
The US security agency #CISA warns of an acute threat: a critical security vulnerability in #Microsoft #Outlook (CVE-2024-21413) is currently being actively exploited by cybercriminals. https://t.co/XBhJ4aMuW8
CISA has warned U.S. federal agencies about active exploitation of a critical Microsoft Outlook Remote Code Execution (RCE) vulnerability (CVE-2024-21413). Discovered by Check Point, the flaw allows attackers to bypass Outlook’s Protected View. #CyberSecurity https://t.co/dLqYzhkCPx
🚨 Critical RCE vulnerability in Microsoft Outlook! CVE-2024-21413 is being actively exploited, allowing remote code execution via malicious emails. Even opening the preview pane can trigger an attack! 🔒 Update NOW with Microsoft's February 2024 security patch! #CyberSecurity https://t.co/5H3BYVmC79
🚨 Critical Outlook RCE Bug Exploited! 🚨 Hackers are actively targeting CVE-2024-21413, allowing remote code execution via malicious emails! Update your systems now to stay protected. 🔗 Read more: https://t.co/Yr7xzaVoc4 #microsoft #CyberSecurity #hackers #RCE #email https://t.co/B9YFO1t6Dy
🚨 CVE Alert: Microsoft Outlook Remote Code Execution Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-21413 (CVSS 9.8/10) Microsoft Outlook Remote Code Execution Vulnerability Impact: A Successful exploit may allow a remote attacker to execute malicious https://t.co/S8EpZI6nOY
[IT-Connect] - Microsoft Outlook: this critical flaw is now being exploited in cyberattacks (CVE-2024-21413) - https://t.co/hFSbRHUDWv 👌😁

Affected Software

Configuration 1
Type | Vendor | Product
App | Microsoft | 365_apps
App | Microsoft | office_long_term_servicing_channel
App | Microsoft | office

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
[email protected] | https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
GITHUB | https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
MICROSOFT OUTLOOK REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
AF854A3A-2127-422B-91AE-364DA2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
AF854A3A-2127-422B-91AE-364DA2661108 | https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
