Описание
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:office:2016:*:*:*:click-to-run:*:*:*
cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11315
Средний
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
около 3 лет назад
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
EPSS
Процентиль: 93%
0.11315
Средний
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo