Zerodium Hikes Payout on Microsoft Outlook RCE
Zerodium a Zero Day exploit broker has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft Outlook email client.
It says the increased payout for this specific vulnerability exploit is temporary, but it did not disclose the deadline for submissions.
A zero-click exploit is a code that could trigger the vulnerability without any user interaction. In the case of Microsoft Outlook for Windows it is enough to send a message to the email client to trigger the issue.
We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. Looking out for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward.Zerodium Statement
Zerodium is also temporarily offering $250,000 for RCE exploits in Mozilla Thunderbird, instead of $200,000.
We are looking for zero-click exploits affecting Thunderbird and leading to remote code execution when receiving/downloading emails, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward
The temporary bounties last announced by zerodium dated March 31, 2021, that it was temporarily tripling the bounty for WordPress RCE exploits. The payouts for WordPress RCEs passed from $100,000 to $300,000, and the offer is still active.