CVE-2017-8571
Published 2017-08-01
Priority P338 (high), 7.8 CVSS 3.0
AV:L AC:L PR:N UI:R S:U C:H I:H A:H
EPSS: 5.78% (92.2th percentile)
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2010_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2010_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_outlook_2007_service_pack_3 | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
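| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | | 7.8 | HIGH | |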
GHSA
ghsa_unreviewed·2022-05-13
CVE-2017-8571 [HIGH] CWE-20 GHSA-xjr2-qfhr-fgc6: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a securit
Microsoft
Microsoft Office Security Feature Bypass Vulnerability
vendor_msrc·2017-07-11·CVSS 7.8
CVE-2017-8571 [HIGH] Microsoft Office Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the document by clicking a specific cell.
The update addresses the vulnerability by correcting how Microsoft Office handles input.
FAQ: In addition to addressing the vulnerability described in this CVE, do the security updates for Microsoft Outlook address any other issues?
Yes. In addition to addressing the vulnerability described in this
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/99452
http://www.securitytracker.com/id/1039012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571
Published: 2017-08-01