Описание
Outlook for Windows Spoofing Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of NTLM hashes.
How could an attacker exploit this vulnerability?
External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control. This will leak the Net-NTLMv2 hash of the victim to the untrusted network which an attacker can then relay to another service and authenticate as the victim.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker would have to send the victim a malicious URL that the victim would have to execute.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.1 High
CVSS3
Связанные уязвимости
Уязвимость почтового клиента Microsoft Outlook для операционных систем Windows, позволяющая нарушителю осуществлять спуфинг-атаки
EPSS
8.1 High
CVSS3