The good:
By default, Microsoft Outlook attachments and links cannot be downloaded, to prevent exploitation (let's say, a malicious script execution). This is a well-known read-only feature called Office Protected View.
- So, in theory, an attacker would be happy if you double-click (although Office Protected View will show a warning) and then click again to unlock Office Protected View.
- Years ago, Microsoft intentionally put a restriction in place so that remote file links cannot be opened unless the user allows it.
The bad:
So where is the risk? Check Point Research found a vulnerability in Outlook, defined as the MonikerLink bug. The restriction can easily be avoided by adding an exclamation mark (!) in the API call. Example from Check Point: "file:///\\10.10.111.111\test\test.rtf!".
- The '!' character will be treated as a call to a COM (Component Object Model) server, so (simplifying) the RTF file (a Word file) will be accessed, bypassing Office Protected View.
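A defender-side check for the link form described above, as an added example that is not from the original post or from Check Point: it scans an HTML mail body for `file:` hyperlinks and separates those carrying a '!'. The function names, verdict labels and sample body are assumptions made here, and the entity and percent decoding is a conservative normalisation chosen for this example.

```python
"""Flag file: hyperlinks in an HTML mail body, separating the '!' form."""
from html.parser import HTMLParser
from urllib.parse import unquote


class HrefCollector(HTMLParser):
    """Collect href values from <a> tags; HTMLParser decodes entities such as &#33;."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def classify_link(href):
    """Return None for non-file links, else 'file-link' or 'monikerlink'."""
    url = unquote(href.strip())          # also catch a percent-encoded '!' (%21)
    if not url.lower().startswith("file:"):
        return None
    target = url[5:].lstrip("/\\")       # drop the scheme and leading slashes
    # A '!' in the target is the pattern the write-up describes.
    return "monikerlink" if "!" in target else "file-link"


def scan_body(html):
    """Return (href, verdict) for every file: link found in the HTML body."""
    collector = HrefCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href in collector.hrefs:
        verdict = classify_link(href)
        if verdict:
            findings.append((href, verdict))
    return findings


# Constructed sample body; the UNC target is the address quoted in the article.
SAMPLE_HTML = r"""
<a href="https://example.com/report">report</a>
<a href="file:///\\10.10.111.111\test\test.rtf">plain file link</a>
<a href="file:///\\10.10.111.111\test\test.rtf!">link with '!'</a>
<a href="file:///\\10.10.111.111\test\test.rtf%21">percent-encoded '!'</a>
"""

if __name__ == "__main__":
    for href, verdict in scan_body(SAMPLE_HTML):
        print(f"{verdict:12} {href}")
```

A 'monikerlink' verdict is a reason to quarantine or review the message; a plain 'file-link' is still worth logging, since it points outside the mail client.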
Solutions:
... Fix, then fix, and fix again: follow the security update from Microsoft.
Credits: Check Point Research
CVE: CVE-2024-21413