SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (E-mail Client)  >   Microsoft Outlook Vendors:   Microsoft
Microsoft Outlook Attachment Header Parsing Bug Lets Remote Users Send Hidden Attachments to the Target User
SecurityTracker Alert ID:  1041107
SecurityTracker URL:  http://securitytracker.com/id/1041107
CVE Reference:   CVE-2018-8244   (Links to External Site)
Date:  Jun 12 2018
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2010 SP2, 2013 RT SP1, 2016, 2016 Click-to-Run
Description:   A vulnerability was reported in Microsoft Outlook. A remote user can send hidden attachments to the target user.

A remote user can send an email with specially attachment headers to send a hidden attachment to the target user. When the target user clicks on a link in the email, the hidden attachment will be opened or executed.

[Editor's note: Blocked files will still be blocked on the target user's system.]

Jonathan Birch of Microsoft Corporation reported this vulnerability.

Impact:   A remote user can send hidden attachments to the target user.
Solution:   The vendor has issued a fix.

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244
https://www.microsoft.com/downloads/details.aspx?familyid=b94f491e-613c-44d6-975c-ff980f43473f
https://www.microsoft.com/downloads/details.aspx?familyid=78c6e5fd-6021-488d-8b83-a94de9d82d4d
https://www.microsoft.com/downloads/details.aspx?familyid=a9924498-c55b-4ac8-b35c-7bf142449556
https://www.microsoft.com/downloads/details.aspx?familyid=d6c89db4-f152-432f-abf3-48c16eaf2c63
https://www.microsoft.com/downloads/details.aspx?familyid=4164aec8-c385-4025-9790-368f3fdbf11c
https://www.microsoft.com/downloads/details.aspx?familyid=32e49f35-bfca-4c57-80c1-a7fe200a0ae4

Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC