CVE-2017-0204Corporation Outlook vulnerability

4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
11.7%
top 6.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Corporation OutlookMicrosoft Outlook
Timeline
PublishedApr 12
Latest updateMay 13

Description

Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/outlook4 versions+3
CVEListV5microsoft_corporation/outlookOutlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cqw8-wjcr-3cwp: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Of2022-05-13
CVEList
CVE-2017-0204: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Of2017-04-12

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Security Feature Bypass Vulnerability2017-04-11
CVE-2017-0204 — Corporation Outlook vulnerability | cvebase