CVE-2017-8572
Published 2017-08-01
CVE-2017-8572: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information…
Priority: P4 · 29 · medium · 5.5 CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 12.59% (95.7th percentile)
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft_corporation | microsoft_office | — | — |
| msrc | microsoft_office_2010_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2010_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2013_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_outlook_2007_service_pack_3 | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
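| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 5.5 | HIGH | — |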
GHSA
ghsa_unreviewed·2022-05-13
CVE-2017-8572 [MEDIUM] CWE-200 GHSA-p2x2-g9q4-v9rm: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an inform
Microsoft
Microsoft Outlook Information Disclosure Vulnerability
vendor_msrc·2017-07-11·CVSS 5.5
CVE-2017-8572 [MEDIUM] Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Outlook fails to properly validate authentication requests.
To exploit the vulnerability an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. Alternatively the attacker could convince a user to load a malicious document that initiates an NTLM validation request without the consent of the user. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to disclose the corresponding hash password.
The security update addresses the vulnerability by correcting how Outlook validates authentication requests.
FAQ: In addition to addressing the vulnera
http://www.securityfocus.com/bid/99453
http://www.securitytracker.com/id/1039010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572