CVE-2018-0819 — Corporation Microsoft Office 2016 FOR MAC vulnerability

7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

10.1%

top 6.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Office 2016 FOR MAC Microsoft Office Msrc Microsoft Office 2016 FOR MAC

Timeline

PublishedJan 10

Latest updateMay 13

Description

Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶msrcmsrc/microsoft_office_2016_for_mac

▶CVEListV5microsoft_corporation/microsoft_office_2016_for_macMicrosoft Office 2016 for Mac

▶NVDmicrosoft/office2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xg5r-2pq7-4cq4: Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering a↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Spoofing Vulnerability in Microsoft Office for MAC↗2018-01-09

▶

🕵️Threat Intelligence

Krebs

Microsoft’s Jan. 2018 Patch Tuesday Lowdown↗2018-01-10

▶

Krebs

Microsoft’s Jan. 2018 Patch Tuesday Lowdown↗2018-01-10

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶