Microsoft Outlook Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft 365 Apps
APPMicrosoftwszystkie wersjeMicrosoft Office 2016
APPMicrosoftwszystkie wersjeMicrosoft Office 2019
APPMicrosoftwszystkie wersjeMicrosoft Office Long Term Servicing Channel
APPMicrosoft2021
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Office Outlook
- Added to KEVi
- February 6, 2025
- Remediation deadline (US Federal)i
- February 27, 2025(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
Related vulnerabilities
Microsoft Outlook Elevation of Privilege Vulnerability
Heap buffer overflow w Microsoft Graphics Component — zdalne wykonanie kodu
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Word Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly h...