What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of NTLM hashes. How could an attacker exploit this vulnerability? External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious URL that the victim would have to execute.
Michael Pizzicaroli with Charles Schwab