: Attackers use the extended MAPI property PidLidReminderFileParameter to specify a Universal Naming Convention (UNC) path pointing to a malicious SMB share.
: When Outlook attempts to "play" the notification sound from that path, it automatically sends the user's NTLM authentication hashes to the attacker's server. Why this ZIP is significant Download 1676365588 zip
This flaw allows an attacker to steal —a user's encrypted credentials—simply by sending a specially crafted email. Download 1676365588 zip