CVE-2016-3366 — Improper Access Control in Microsoft Outlook

CWE-284 — Improper Access Control4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
10.4%
top 6.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Outlook
Timeline
PublishedSep 14
Latest updateMay 13

Description

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

â–¶NVDmicrosoft/outlook4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-mm4r-5hp7-v6q3: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement↗2022-05-13
â–¶
CVEList
CVE-2016-3366: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement↗2016-09-14
â–¶

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Spoofing Vulnerability↗2016-09-13
â–¶
CVE-2016-3366 — Improper Access Control in Microsoft | cvebase