A threat actor alleging to possess a zero-day exploit allowing for Remote Code Execution (RCE) in Microsoft Outlook and trying to sell it on a hacking forum. According to the actor, this zero-day exploit bypasses security measures across all versions of the popular email client.
According to the post, the buyer will get exclusive rights, the source code of the exploit, and documentation that details how the exploit works. While exclusive rights are not explained further, this might mean they will have the freedom to leverage it without competition or the risk of others. The source code and the documentation will also provide transparency and customization opportunities for the buyer. With access to it, they can analyze its inner workings, make modifications, and potentially discover further vulnerabilities or improvements.
For the whole package, the threat actor asks for $300,000, and they demand transactions to occur only through an escrow to ensure both parties’ security and trust during the exchange.