CVE-2025-21298

Обходное решение

Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources

To help protect against this vulnerability, we recommend users read email messages in plain text format.

For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to Read email messages in plain text.

Impact of workaround: Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:

• The changes are applied to the preview pane and to open messages.
• Pictures become attachments so that they are not lost.
• Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

FAQ

How could an attacker exploit the vulnerability?

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine.

What is OLE?

Object Linking and Embedding (OLE) is a technology that allows embedding and linking to documents and other objects. For more information please visit: Object Linking and Embedding (OLE) Data Structures.