Microsoft Outlook Elevation of Privilege Vulnerability - CVE-2018-0850ID: oval:org.secpod.oval:def:43876 | Date: (C)2018-02-14 (M)2023-07-13 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. This update addresses the vulnerability by ensuring Office fully validates incoming email formatting before processing message content.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2019 |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Vista |
Microsoft Windows 10 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows XP |
Product: |
Microsoft 365 Apps for Enterprise |
Microsoft Outlook 2007 |
Microsoft Outlook 2010 |
Microsoft Outlook 2013 |
Microsoft Outlook 2016 |