Spoofing attack in Microsoft Office for Mac

Published: 2018-01-09 22:23:55
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0819
CVSSv3 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CWE ID CWE-451
Exploitation vector Network
Public exploit Not available
Vulnerable software Microsoft Office for Mac
Vulnerable software versions Microsoft Office for Mac 2016
Vendor URL Microsoft

Security Advisory

1) Spoofing

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper validation of encoding and display of email addresses.A remote attacker can create a specially crafted email and bypass  antivirus or antispam scanning.

Successful exploitation of the vulnerability may allow an attacker to perform a spoofing attack.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819

Back to List