Endpoint Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who successfully exploited the vulnerability could send an email with hidden attachments that would be opened or executed once a victim clicks a link within the email. Note that this does not bypass attachment filters, so blocked attachments will still be excluded.

Affected Products

Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions,Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions,Microsoft Outlook 2010 Service Pack 2 (32-bit editions),Microsoft Outlook 2010 Service Pack 2 (64-bit editions),Microsoft Outlook 2013 RT Service Pack 1,Microsoft Outlook 2013 Service Pack 1 (32-bit editions),Microsoft Outlook 2013 Service Pack 1 (64-bit editions),Microsoft Outlook 2016 x64,Microsoft Outlook 2016 x86

References

CVE-2018-8244,