Microsoft Outlook Security Flaws Let Remote Users Bypass Security to Execute Arbitrary Commands and Obtain User Email Content
Severity Rating: High
- Microsoft Outlook versions 2010 SP2, 2013 RT SP1, 2016
Two vulnerabilities have been identified in Microsoft Outlook and can be exploited by remote attackers to cause arbitrary commands to be executed on the target user's system and obtain potentially sensitive information on the target system. The vulnerabilities reported are as follows:
· A remote user can create a specially crafted file that, when loaded and interacted with by the target user, will bypass a security feature and execute arbitrary commands on the target system. The commands will run with the privileges of the target user.
· The software may fail to establish a secure connection and this can allow a remote user to monitor the network can obtain the email content of the target user.
Users are advised to apply updates.
More information about the update is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street