#VU6295 Information disclosure in Microsoft Office for macOS and Microsoft Outlook for macOS - CVE-2017-0207

 


Published: April 12, 2017


Vulnerability identifier: #VU6295
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-0207
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Microsoft Office for macOS
Microsoft Outlook for macOS
Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper validation of HTML tags when parsing malicious files in Microsoft Outlook for Mac. A remote unauthenticated attacker can create a specially crafted email with specific HTML tags, trick the victim into opening it, perform a spoofing attack, and access authentication information or login credentials.

Successful exploitation of the vulnerability results in information disclosure.




Remediation

Install the update from the vendor's website.

External links