Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-8305

Опубликовано: 10 июл. 2018
Источник: msrc
EPSS Средний

Описание

Windows Mail Client Information Disclosure Vulnerability

An information disclosure vulnerability exists in Windows Mail Client when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

To exploit the vulnerability, an attacker would have to send a malicious email to a user and convince the user to open the email. A connection to a remote server could then be automatically initiated, depending on the URL contained in the malicious email, Windows Mail Client could fall back to initiating a web request to a remote server, disclosing the external IP of the user's system.

The security update addresses the vulnerability by correcting how Windows Mail Client processes embedded URLs.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII).

How do I get the update for Mail, Calendar and People for Windows 8.1?

  1. From the Start Screen bring up the Microsoft Store.
  2. Click on the Updates (nn) link.
  3. Look for the Mail, Calendar, and People app icon.
  4. Right click to select and deselect updates to install – selected items are outlined in green with a check mark.
  5. Ensure the Mail, Calendar, and People is selected - highlighted in green with a check mark.
  6. Click the Install button.
  7. The update will then be installed on your device.

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

N/A

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 94%
0.14095
Средний

Связанные уязвимости

nvd логотип

CVE-2018-8305

CVSS3: 6.5
nvd
около 7 лет назад

An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.

github логотип

GHSA-85v2-f323-3rqr

CVSS3: 6.5
github
больше 3 лет назад

An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.

EPSS

Процентиль: 94%
0.14095
Средний