Important 📢 Publicly disclosed 2018-01 archive

Executive Summary

A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing. The security update addresses the vulnerability by correcting how Outlook for MAC displays encoded email addresses.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Spoofing
Released Jan 9 2018
Last Updated Jan 9 2018
Publicly Disclosed Yes
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

1 affected product
Product KB Article Severity Impact Restart Required
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Spoofing No

Patches

1 patch
Article Type Restart
Release Notes Security Update No

Known Exploits

Acknowledgments

Sabri Haddouche (@pwnsdx) of Wire Swiss GmbH