Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-136


Microsoft Outlook Security Flaws Let Remote Users Bypass Security to Execute Arbitrary Commands and Obtain User Email Content
Severity Rating: High
Systems Affected:
  • Microsoft Outlook versions 2010 SP2, 2013 RT SP1, 2016
Description
Two vulnerabilities have been identified in Microsoft Outlook and can be exploited by remote attackers to cause arbitrary commands to be executed on the target user's system and obtain potentially sensitive information on the target system. The vulnerabilities reported are as follows:
 
·         A remote user can create a specially crafted file that, when loaded and interacted with by the target user, will bypass a security feature and execute arbitrary commands on the target system. The commands will run with the privileges of the target user.
 
·         The software may fail to establish a secure connection and this can allow a remote user to monitor the network can obtain the email content of the target user.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
CVE Information
 
Vendor Information
Microsoft
 
References
Security Tracker
 
Microsoft
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis