CVE-2018-0850 — Corporation Microsoft Outlook vulnerability

4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

16.8%

top 5.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Outlook Microsoft Office Microsoft Outlook

Timeline

PublishedFeb 15

Latest updateMay 13

Description

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDmicrosoft/outlook4 versions+3

▶CVEListV5microsoft_corporation/microsoft_outlookMicrosoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run

▶NVDmicrosoft/office2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgf4-56m5-8934: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevat↗2022-05-13

▶

CVEList

CVE-2018-0850: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevat↗2018-02-15

▶

📋Vendor Advisories

Microsoft

Microsoft Outlook Elevation of Privilege Vulnerability↗2018-02-13

▶