Описание
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Offiice. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file.
The security update addresses the vulnerability by correcting the way that Microsoft Offiice parses specially crafted email messages.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Outlook 2007 Service Pack 3 | ||
| Microsoft Outlook 2013 RT Service Pack 1 | - | |
| Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | ||
| Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | ||
| Microsoft Outlook 2016 (32-bit edition) | ||
| Microsoft Outlook 2016 (64-bit edition) | ||
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | ||
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | ||
| Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | - | |
| Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | - |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
Уязвимость почтового клиента Microsoft Outlook, связанная с недостатками разграничения доступа, позволяющая нарушителю выполнить произвольный код
EPSS