cbcvebase.
CVE-2018-0850
published 2018-02-15

CVE-2018-0850: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of…

PriorityP333medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
5.13%
91.3th percentile
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

Affected

13 ranges
VendorProductVersion rangeFixed in
microsoftoffice
microsoftoutlook
microsoftoutlook
microsoftoutlook
microsoftoutlook
microsoft_corporationmicrosoft_outlook
msrcmicrosoft_office_2016_click-to-run_for_32-bit_editions
msrcmicrosoft_office_2016_click-to-run_for_64-bit_editions
msrcmicrosoft_outlook_2007_service_pack_3
msrcmicrosoft_outlook_2010_service_pack_2
msrcmicrosoft_outlook_2013_rt_service_pack_1
msrcmicrosoft_outlook_2013_service_pack_1
msrcmicrosoft_outlook_2016

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_msrc6.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.