CVE-2018-0791
published 2018-01-10CVE-2018-0791: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way…
PriorityP349high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
20.57%
97.2th percentile
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft | word | — | — |
| microsoft_corporation | microsoft_outlook | — | — |
| msrc | microsoft_office_2016_click-to-run_for_32-bit_editions | — | — |
| msrc | microsoft_office_2016_click-to-run_for_64-bit_editions | — | — |
| msrc | microsoft_outlook_2007_service_pack_3 | — | — |
| msrc | microsoft_outlook_2010_service_pack_2 | — | — |
| msrc | microsoft_outlook_2013_rt_service_pack_1 | — | — |
| msrc | microsoft_outlook_2013_service_pack_1 | — | — |
| msrc | microsoft_outlook_2016 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Office Remote Code Execution Vulnerability
vendor_msrc·2018-01-09·CVSS 7.8
CVE-2018-0791 [HIGH] Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Offiice parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Offiice. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and then convincing the user to open the file.
The security update addresses the vulnerability by correcting the way that Microsoft Offiice par
GHSA
GHSA-728m-958h-h5gw: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-0791 [HIGH] GHSA-728m-958h-h5gw: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
GHSA
GHSA-8w72-m426-gq4j: Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages ar
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2018-0793 [HIGH] GHSA-8w72-m426-gq4j: Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages ar
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
## Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002 . Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users shoul
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002. Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users should refer to Microsoft's knowledge base articl
http://www.securityfocus.com/bid/102383http://www.securitytracker.com/id/1040154https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791http://www.securityfocus.com/bid/102383http://www.securitytracker.com/id/1040154https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0791
2018-01-10
Published