CVE-2017-8572 — Sensitive Information Exposure in Corporation Microsoft Office

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

20.4%

top 4.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office Microsoft Outlook

Timeline

PublishedAug 1

Latest updateMay 13

Description

Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/outlook4 versions+3

▶CVEListV5microsoft_corporation/microsoft_officeMicrosoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016.

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2x2-g9q4-v9rm: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an inform↗2022-05-13

▶

CVEList

CVE-2017-8572: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an inform↗2017-08-01

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Information Disclosure Vulnerability↗2017-07-11

▶