Description
Microsoft Outlook Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center.
A malicious user could potentially share anonymously-accessible links to other users via email where these links are intended to be accessed only by specific users.
The security update addresses the vulnerability by correcting how Microsoft Outlook generates links inserted into emails via the "Attach File" interface.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Related vulnerabilities
An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579.
A vulnerability in the Microsoft Outlook email client, caused by an error in processing the "Default link type" settings, that allows an attacker to gain access to protected information