CVE-2017-8571

Published: 27 Jul 2017
Source: msrc
EPSS: Medium

Description

Microsoft Office Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell.

The update addresses the vulnerability by correcting how Microsoft Office handles input.

FAQ

In addition to addressing the vulnerability described in this CVE, do the security updates for Microsoft Outlook address any other issues?

Yes. In addition to addressing the vulnerability described in this CVE, the security updates address known issues 1 through 4 described in the Office Support Article "Outlook known issues in the June 2017 security updates". Microsoft is currently investigating issues 6 and 7, and will provide an update to Outlook as soon as possible.

Updates

Product | Article | Update
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2013 RT Service Pack 1
-
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
-
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
-

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely
Older Software Release: Exploitation Less Likely

EPSS

Percentile: 94%
0.14406
Medium

Related vulnerabilities

CVSS3: 7.8
nvd
almost 8 years ago

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".

CVSS3: 7.8
github
about 3 years ago

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
