cnvd - cnvd-2018-13288

cnvd-2018-13288

Vulnerability from cnvd

Title: Microsoft Outlook权限提升漏洞（CNVD-2018-13288）

Description:

Microsoft Outlook是美国微软（Microsoft）公司的一款Office套件中所捆绑的电子邮件客户端软件。该软件可管理电子邮件、联系人和日历等。

Microsoft Outlook中存在权限提升漏洞，该漏洞源于程序未能正确地验证附件标题。远程攻击者可通过发送特制的电子邮件利用该漏洞获取提升的权限。

Severity: 高

Patch Name: Microsoft Outlook权限提升漏洞（CNVD-2018-13288）的补丁

Patch Description:

Microsoft Outlook是美国微软（Microsoft）公司的一款Office套件中所捆绑的电子邮件客户端软件。该软件可管理电子邮件、联系人和日历等。

Microsoft Outlook中存在权限提升漏洞，该漏洞源于程序未能正确地验证附件标题。远程攻击者可通过发送特制的电子邮件利用该漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244

Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244

Impacted products

Name
['Microsoft Outlook 2013', 'Microsoft Office 2016', 'Microsoft outlook 2016', 'Microsoft Outlook 2010']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104323"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8244"
    }
  },
  "description": "Microsoft Outlook\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u6240\u6346\u7ed1\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7ba1\u7406\u7535\u5b50\u90ae\u4ef6\u3001\u8054\u7cfb\u4eba\u548c\u65e5\u5386\u7b49\u3002\r\n\r\nMicrosoft Outlook\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u9644\u4ef6\u6807\u9898\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u7535\u5b50\u90ae\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Jonathan Birch",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13288",
  "openTime": "2018-07-17",
  "patchDescription": "Microsoft Outlook\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eOffice\u5957\u4ef6\u4e2d\u6240\u6346\u7ed1\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u7ba1\u7406\u7535\u5b50\u90ae\u4ef6\u3001\u8054\u7cfb\u4eba\u548c\u65e5\u5386\u7b49\u3002\r\n\r\nMicrosoft Outlook\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u9a8c\u8bc1\u9644\u4ef6\u6807\u9898\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u7535\u5b50\u90ae\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Outlook\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-13288\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Outlook 2013",
      "Microsoft Office 2016",
      "Microsoft outlook 2016",
      "Microsoft Outlook 2010"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-13",
  "title": "Microsoft Outlook\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-13288\uff09"
}

CVE-2018-8244 (GCVE-0-2018-8244)

Vulnerability from cvelistv5

Published

2018-06-14 12:00

Modified

2024-08-05 06:46

Severity ?

CWE

Elevation of Privilege

Summary

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1041107	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/104323	vdb-entry, x_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft Office

Version: 2016 Click-to-Run (C2R) for 32-bit editions
Version: 2016 Click-to-Run (C2R) for 64-bit editions

Microsoft

Microsoft Outlook

Version: 2010 Service Pack 2 (32-bit editions)
Version: 2010 Service Pack 2 (64-bit editions)
Version: 2013 RT Service Pack 1
Version: 2013 Service Pack 1 (32-bit editions)
Version: 2013 Service Pack 1 (64-bit editions)
Version: 2016 (32-bit edition)
Version: 2016 (64-bit edition)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041107",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041107"
          },
          {
            "name": "104323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104323"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Office",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 Click-to-Run (C2R) for 32-bit editions"
            },
            {
              "status": "affected",
              "version": "2016 Click-to-Run (C2R) for 64-bit editions"
            }
          ]
        },
        {
          "product": "Microsoft Outlook",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2010 Service Pack 2 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 RT Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (32-bit editions)"
            },
            {
              "status": "affected",
              "version": "2013 Service Pack 1 (64-bit editions)"
            },
            {
              "status": "affected",
              "version": "2016 (32-bit edition)"
            },
            {
              "status": "affected",
              "version": "2016 (64-bit edition)"
            }
          ]
        }
      ],
      "datePublic": "2018-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-15T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041107",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041107"
        },
        {
          "name": "104323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104323"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Office",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
                          },
                          {
                            "version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Outlook",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 2 (32-bit editions)"
                          },
                          {
                            "version_value": "2010 Service Pack 2 (64-bit editions)"
                          },
                          {
                            "version_value": "2013 RT Service Pack 1"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (32-bit editions)"
                          },
                          {
                            "version_value": "2013 Service Pack 1 (64-bit editions)"
                          },
                          {
                            "version_value": "2016 (32-bit edition)"
                          },
                          {
                            "version_value": "2016 (64-bit edition)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka \"Microsoft Outlook Elevation of Privilege Vulnerability.\" This affects Microsoft Office, Microsoft Outlook."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041107",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041107"
            },
            {
              "name": "104323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104323"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8244"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8244",
    "datePublished": "2018-06-14T12:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted