Описание
Microsoft Outlook Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Outlook improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must first convince a user to open a specially crafted Outlook document.
The updates address the vulnerability by correcting how Outlook validates input before loading DLL files.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | ||
| Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | ||
| Microsoft Outlook 2016 (32-bit edition) | ||
| Microsoft Outlook 2016 (64-bit edition) | ||
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | ||
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.
Уязвимость почтового клиента Microsoft Outlook, позволяющая нарушителю выполнить произвольный код
EPSS