Published: 15/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft outlook 2016
microsoft outlook 2013
microsoft outlook 2010
microsoft outlook 2007
microsoft office 2016

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

The Register • Shaun Nichols in San Francisco • 14 Feb 2018

Here's a bumper crop of security fixes you do not want to miss

Patch Tuesday Serious security flaws in Outlook and Edge are headlining a busy Microsoft Patch Tuesday. The Redmond giant has issued the February edition of its monthly security update, addressing a total of 50 CVE-listed vulnerabilities in its products. Adobe has also posted an update for flaws in Reader and Experience Manager. Headlining the Microsoft patch load is a fix for an Outlook bug, CVE-2018-0852, which is a memory corruption flaw that can be exploited to achieve remote code execution....

CVE-2018-0850

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect