Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-1105 (GCVE-0-2019-1105)
Vulnerability from cvelistv5 – Published: 2019-07-29 14:07 – Updated: 2025-05-20 17:49
VLAI?
EPSS
Title
Outlook for Android Spoofing Vulnerability
Summary
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Affected:
1.0 , < Publication
(custom)
|
Date Public ?
2019-06-20 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"versionEndExcluding": "Publication",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-06-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.\nThe attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.\nThe security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:49:51.518Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
}
],
"title": "Outlook for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1105",
"datePublished": "2019-07-29T14:07:59.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2025-05-20T17:49:51.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*\", \"matchCriteriaId\": \"3C4F9595-CF25-4B63-A661-0EE48059A470\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de suplantaci\\u00f3n de identidad en la manera en que Microsoft Outlook para el programa Android analiza los mensajes de correo electr\\u00f3nico especialmente dise\\u00f1ados, tambi\\u00e9n se conoce como \\\"Outlook for Android Spoofing Vulnerability\\\".\"}]",
"id": "CVE-2019-1105",
"lastModified": "2024-11-21T04:36:01.597",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-07-29T14:15:11.520",
"references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-1105\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-07-29T14:15:11.520\",\"lastModified\":\"2025-05-20T18:15:43.153\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.\\nThe attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.\\nThe security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de suplantaci\u00f3n de identidad en la manera en que Microsoft Outlook para el programa Android analiza los mensajes de correo electr\u00f3nico especialmente dise\u00f1ados, tambi\u00e9n se conoce como \\\"Outlook for Android Spoofing Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*\",\"matchCriteriaId\":\"3C4F9595-CF25-4B63-A661-0EE48059A470\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-319
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook pour Android | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Outlook pour iOS | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2010 Service Pack 2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Android",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Outlook pour iOS",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1006"
},
{
"name": "CVE-2019-1134",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1134"
},
{
"name": "CVE-2019-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1105"
},
{
"name": "CVE-2019-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1084"
},
{
"name": "CVE-2019-1110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1110"
},
{
"name": "CVE-2019-1112",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1112"
},
{
"name": "CVE-2019-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1111"
},
{
"name": "CVE-2019-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1109"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-319",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 juillet 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-319
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook pour Android | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Outlook pour iOS | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2010 Service Pack 2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook pour Android",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Outlook pour iOS",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1006"
},
{
"name": "CVE-2019-1134",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1134"
},
{
"name": "CVE-2019-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1105"
},
{
"name": "CVE-2019-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1084"
},
{
"name": "CVE-2019-1110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1110"
},
{
"name": "CVE-2019-1112",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1112"
},
{
"name": "CVE-2019-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1111"
},
{
"name": "CVE-2019-1109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1109"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-319",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 juillet 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-289
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Outlook pour Android. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook pour Android versions ant\u00e9rieures \u00e0 3.0.88",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1105"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-289",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Outlook pour Android.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook pour Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2019-1105 du 20 juin 2019",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
]
}
CERTFR-2019-AVI-289
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Microsoft Outlook pour Android. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook pour Android versions ant\u00e9rieures \u00e0 3.0.88",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1105"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-289",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Outlook pour Android.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Outlook pour Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2019-1105 du 20 juin 2019",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
]
}
CNVD-2019-22845
Vulnerability from cnvd - Published: 2019-07-17
VLAI Severity ?
Title
Microsoft Outlook for Android欺骗漏洞
Description
Microsoft Outlook for Android是美国微软(Microsoft)公司的一款基于Android平台的电子邮件应用程序。
基于Android平台的Microsoft Outlook中存在安全漏洞。攻击者可通过发送特制的邮件消息利用该漏洞实施跨站脚本攻击并在当前用户的安全上下文中运行脚本。
Severity
中
Patch Name
Microsoft Outlook for Android欺骗漏洞的补丁
Patch Description
Microsoft Outlook for Android是美国微软(Microsoft)公司的一款基于Android平台的电子邮件应用程序。
基于Android平台的Microsoft Outlook中存在安全漏洞。攻击者可通过发送特制的邮件消息利用该漏洞实施跨站脚本攻击并在当前用户的安全上下文中运行脚本。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
Reference
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
Impacted products
| Name | Microsoft Outlook for Android |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-1105"
}
},
"description": "Microsoft Outlook for Android\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u7535\u5b50\u90ae\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\n\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684Microsoft Outlook\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u90ae\u4ef6\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u5e76\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u811a\u672c\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-22845",
"openTime": "2019-07-17",
"patchDescription": "Microsoft Outlook for Android\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u7535\u5b50\u90ae\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684Microsoft Outlook\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u90ae\u4ef6\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u5e76\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u811a\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Outlook for Android\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Microsoft Outlook for Android"
},
"referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105",
"serverity": "\u4e2d",
"submitTime": "2019-06-28",
"title": "Microsoft Outlook for Android\u6b3a\u9a97\u6f0f\u6d1e"
}
GSD-2019-1105
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-1105",
"description": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027.",
"id": "GSD-2019-1105"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-1105"
],
"details": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027.",
"id": "GSD-2019-1105",
"modified": "2023-12-13T01:23:51.248516Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook for Android",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1105"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-07-29T14:15Z"
}
}
}
MSRC_CVE-2019-1105
Vulnerability from csaf_microsoft - Published: 2019-06-11 07:00 - Updated: 2019-06-20 07:00Summary
Outlook for Android Spoofing Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
Vendor Fix
Publication:Security Update:https://play.google.com/store/apps/details?id=com.microsoft.office.outlook
https://play.google.com/store/apps/details?id=com…
References
Acknowledgments
<a href="https://www.linkedin.com/in/sandervanrapenbusch/">Sander Vanrapenbusch </a>
<a href="https://www.linkedin.com/in/gaurav-kumar-b39257166 "> Gaurav Kumar(0x01) </a> <a> @kumargaurav776 </a>
<a href= "https://twitter.com/bryapp">Bryan Appleby </a> <a> F5 Networks </a>
<a> Eliraz Duek, Or Ida, Nethanel Coppenhagen | CyberArk </a>
<a href="https://www.linkedin.com/in/tom-wyckhuys-202188a3/"> Tom Wyckhuys </a>
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://www.linkedin.com/in/sandervanrapenbusch/\"\u003eSander Vanrapenbusch \u003c/a\u003e \n"
]
},
{
"names": [
"\u003ca href=\"https://www.linkedin.com/in/gaurav-kumar-b39257166 \"\u003e Gaurav Kumar(0x01) \u003c/a\u003e \u003ca\u003e @kumargaurav776 \u003c/a\u003e"
]
},
{
"names": [
"\u003ca href= \"https://twitter.com/bryapp\"\u003eBryan Appleby \u003c/a\u003e \u003ca\u003e F5 Networks \u003c/a\u003e"
]
},
{
"names": [
"\u003ca\u003e Eliraz Duek, Or Ida, Nethanel Coppenhagen | CyberArk \u003c/a\u003e"
]
},
{
"names": [
"\u003ca href=\"https://www.linkedin.com/in/tom-wyckhuys-202188a3/\"\u003e Tom Wyckhuys \u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2019-1105 Outlook for Android Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
},
{
"category": "self",
"summary": "CVE-2019-1105 Outlook for Android Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2019/msrc_cve-2019-1105.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Outlook for Android Spoofing Vulnerability",
"tracking": {
"current_release_date": "2019-06-20T07:00:00.000Z",
"generator": {
"date": "2025-05-20T17:49:25.891Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2019-1105",
"initial_release_date": "2019-06-11T07:00:00.000Z",
"revision_history": [
{
"date": "2019-06-20T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cPublication",
"product": {
"name": "Microsoft Outlook for Android \u003cPublication",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "Publication",
"product": {
"name": "Microsoft Outlook for Android Publication",
"product_id": "10685"
}
}
],
"category": "product_name",
"name": "Microsoft Outlook for Android"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-1105",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "Tap the Google Play icon on your home screen.\nSwipe in from the left edge of the screen.\nTap My apps \u0026amp; games.\nTap the Update box next to the Outlook app.",
"title": "How do I get the update for Outlook for Android?"
}
],
"product_status": {
"fixed": [
"10685"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-1105 Outlook for Android Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
},
{
"category": "self",
"summary": "CVE-2019-1105 Outlook for Android Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2019/msrc_cve-2019-1105.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2019-06-20T07:00:00.000Z",
"details": "Publication:Security Update:https://play.google.com/store/apps/details?id=com.microsoft.office.outlook",
"product_ids": [
"1"
],
"url": "https://play.google.com/store/apps/details?id=com.microsoft.office.outlook"
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely"
}
],
"title": "Outlook for Android Spoofing Vulnerability"
}
]
}
FKIE_CVE-2019-1105
Vulnerability from fkie_nvd - Published: 2019-07-29 14:15 - Updated: 2025-05-20 18:15
Severity ?
Summary
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3C4F9595-CF25-4B63-A661-0EE48059A470",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.\nThe attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.\nThe security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de suplantaci\u00f3n de identidad en la manera en que Microsoft Outlook para el programa Android analiza los mensajes de correo electr\u00f3nico especialmente dise\u00f1ados, tambi\u00e9n se conoce como \"Outlook for Android Spoofing Vulnerability\"."
}
],
"id": "CVE-2019-1105",
"lastModified": "2025-05-20T18:15:43.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-29T14:15:11.520",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-G48P-GV5G-MVV6
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2025-05-20 18:30
VLAI?
Details
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
Severity ?
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-1105"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-29T14:15:00Z",
"severity": "MODERATE"
},
"details": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027.",
"id": "GHSA-g48p-gv5g-mvv6",
"modified": "2025-05-20T18:30:47Z",
"published": "2022-05-24T16:51:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1105"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
BDU:2019-02386
Vulnerability from fstec - Published: 20.06.2019
VLAI Severity ?
Title
Уязвимость почтового клиента Microsoft Outlook for Android, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
Description
Уязвимость почтового клиента Microsoft Outlook for Android связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, осуществлять межсайтовые сценарные атаки с помощью специально созданного электронного сообщения
Severity ?
Vendor
Microsoft Corp
Software Name
Microsoft Outlook
Software Version
до 3.0.88 (Microsoft Outlook)
Possible Mitigations
Использование рекомендаций:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
Reference
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105
https://www.securitylab.ru/news/499545.php
https://www.cybersecurity-help.cz/vdb/SB2019062106?affChecked=1
CWE
CWE-451
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 3.0.88 (Microsoft Outlook)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.06.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.07.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02386",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-1105",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Outlook",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Microsoft Outlook for Android, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Microsoft Outlook for Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0435 \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105\nhttps://www.securitylab.ru/news/499545.php\nhttps://www.cybersecurity-help.cz/vdb/SB2019062106?affChecked=1",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,2)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…