CVE-2017-0204
published 2017-04-12
CVE-2017-0204: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office…
Priority: P335 · medium · 5.5 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:H / A:N
EPSS: 19.01% (97.0th percentile)
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft_corporation | outlook | — | — |
| msrc | microsoft_outlook_2007_service_pack_3 | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
nvd · v3.0 · 5.5 MEDIUM · CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc · 5.5 HIGH
Microsoft
Microsoft Outlook Security Feature Bypass Vulnerability
vendor_msrc·2017-04-11·CVSS 5.5
CVE-2017-0204 [MEDIUM] Microsoft Outlook Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Microsoft Outlook software when it improperly handles the parsing of file formats. The security feature bypass by itself does not allow arbitrary code execution. However, to successfully exploit the vulnerability, an attacker would have to use it in conjunction with another vulnerability, such as a remote code execution vulnerability, to take advantage of the security feature bypass vulnerability and run arbitrary code.
To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Outlook software.
The security update addresses the vulnerability by correcting how Microsoft Outlook handles the
GHSA
GHSA-cqw8-wjcr-3cwp: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Of
ghsa_unreviewed·2022-05-13
CVE-2017-0204 [MEDIUM] GHSA-cqw8-wjcr-3cwp: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Of
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
## Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
## Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Management classes or the PowerShell Get-WmiOb
http://www.securityfocus.com/bid/97458
http://www.securitytracker.com/id/1038227
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0204
Published: 2017-04-12