CVE-2018-0791 — Corporation Microsoft Outlook vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

35.6%

top 2.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Outlook Microsoft Office Microsoft Outlook

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/outlook4 versions+3

▶CVEListV5microsoft_corporation/microsoft_outlookMicrosoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013, Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016+1

▶NVDmicrosoft/office2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-728m-958h-h5gw: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to↗2022-05-13

▶

CVEList

CVE-2018-0791: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-01-09

▶