Microsoft Outlook Attachment Header Parsing Bug Lets Remote Users Send Hidden Attachments to the Target User
|
|
SecurityTracker Alert ID: 1041107 |
|
SecurityTracker URL: http://securitytracker.com/id/1041107
|
|
CVE Reference:
CVE-2018-8244
(Links to External Site)
|
Date: Jun 12 2018
|
Impact:
Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2010 SP2, 2013 RT SP1, 2016, 2016 Click-to-Run
|
Description:
A vulnerability was reported in Microsoft Outlook. A remote user can send hidden attachments to the target user.
A remote user can send an email with specially attachment headers to send a hidden attachment to the target user. When the target user clicks on a link in the email, the hidden attachment will be opened or executed.
[Editor's note: Blocked files will still be blocked on the target user's system.]
Jonathan Birch of Microsoft Corporation reported this vulnerability.
|
Impact:
A remote user can send hidden attachments to the target user.
|
Solution:
The vendor has issued a fix.
The Microsoft advisories are available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244
https://www.microsoft.com/downloads/details.aspx?familyid=b94f491e-613c-44d6-975c-ff980f43473f
https://www.microsoft.com/downloads/details.aspx?familyid=78c6e5fd-6021-488d-8b83-a94de9d82d4d
https://www.microsoft.com/downloads/details.aspx?familyid=a9924498-c55b-4ac8-b35c-7bf142449556
https://www.microsoft.com/downloads/details.aspx?familyid=d6c89db4-f152-432f-abf3-48c16eaf2c63
https://www.microsoft.com/downloads/details.aspx?familyid=4164aec8-c385-4025-9790-368f3fdbf11c
https://www.microsoft.com/downloads/details.aspx?familyid=32e49f35-bfca-4c57-80c1-a7fe200a0ae4
|
Vendor URL: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
