hey guys … is there a tutorial somewhere on how to exploit this vulnerability
CVE-2019-0586 ?

1 Like

if you can find a little more info on it and pm me
but in this scenario I only see checking the diffs on the files effected by the patch to be our solution in figuring this out sending the email to the system and waiting to see if you can spot the difference this is very interesting what sucks is they don’t specify what method even is it smtp pop3 imap etc.

Also let me add this they also specified that all you need to do is send the server the email no user interaction is required so something that parses the email without a user interacting is obviously at fault. I am setting up an exchange server and I am going to send it a mail and not open and see what goes on thanks for making my weekend project something 20 times over my head ■■■■ how else you gonna learn lol

yea well … you can find info on it publicly … but i cant seem to find methods to exploit it …

ya i checked i expected there to be some kind of poc this has to be pretty trivial if they are guarding it so well not easy but pretty reliable exploitation would occur I think i’m grabbing server 2019 now to see if I can manage to get some tools loaded and start mailing away and tracing execution flow

Can you explain how it happened? How is an email sent? Is user interaction required?