CVE-2017-0207
Published 2017-04-12
Priority P434 · medium · 6.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 10.48% (95.2th percentile)
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft_corporation | outlook | — | — |
| msrc | microsoft_outlook_for_mac_2011 | — | — |
CVSS provenance
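| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 6.5 | MEDIUM | — |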
Microsoft
Microsoft Outlook Spoofing Vulnerability
vendor_msrc·2017-04-11·CVSS 6.5
CVE-2017-0207 [MEDIUM] Microsoft Outlook Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft Outlook for Mac improperly validates HTML tag input. An attacker who successfully tricked the user could gain access to the user's authentication information or login credentials.
In an email attack scenario, an attacker could exploit the vulnerability by sending an email with specific HTML tags that could display a malicious authentication prompt.
The security update addresses the vulnerability by correcting how Outlook for Mac sanitizes HTML tags.
Microsoft Office: Microsoft Office
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Unlikely; Older Software Release: Exploitation Unlikely
Reference: https://www.microsoft.com/downlo
GHSA
GHSA-853h-5m2g-mvqh: Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofi
ghsa_unreviewed·2022-05-13
CVE-2017-0207 [MEDIUM] GHSA-853h-5m2g-mvqh: Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofi
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
No detection rules found.
No public exploits indexed.
Recorded Future
China's Influence on National Network Vulnerability Publications | Recorded Future
blogs_recorded_future·CVSS 7.8
[HIGH] China's Influence on National Network Vulnerability Publications | Recorded Future
## China’s Ministry of State Security Likely Influences National Network Vulnerability Publications
## Executive Summary
Earlier research based on the last two years of vulnerability reporting illustrated that China’s National Vulnerability Database of Information Security (CNNVD) was generally more aggressive in capturing up-to-date information for software vulnerabilities than its U.S. counterpart (NVD). In this research we examine exceptions to this general rule and discover a broader role for the Ministry of State Security (MSS) in vulnerability reporting than was previously known.
Recorded Future analysis has uncovered evidence of a formal vulnerability evaluation process at CNNVD in which High-threat CVEs are likely evaluated for their operational utility by the MSS before publica
http://www.securityfocus.com/bid/97463
http://www.securitytracker.com/id/1038242
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0207
Published: 2017-04-12