CVE-2024-21378 — Remote Code Execution in Microsoft Outlook
NetSpi Technical
MARCH 11, 2024
This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. In response, a patch was issued to enforce allowlisting for script code in custom forms. Note: we set the location to Inbox when installing the custom form via config file.
Let's personalize your content