CVE-2018-0793 — Corporation Microsoft Outlook vulnerability

4 documents4 sources

Severity

7.8HIGHNVD

EPSS

33.9%

top 3.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Outlook Microsoft Office Microsoft Word

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5microsoft_corporation/microsoft_outlookMicrosoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013

▶NVDmicrosoft/word4 versions+3

▶NVDmicrosoft/office2010, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8w72-m426-gq4j: Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages ar↗2022-05-13

▶

CVEList

CVE-2018-0793: Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages ar↗2018-01-10

▶

📋Vendor Advisories

Microsoft

Microsoft Office Remote Code Execution Vulnerability↗2018-01-09

▶