PT-2017-1869 · Microsoft · Office +1

Ryan Hanson +1 · Published 2017-04-11 · Updated 2019-10-03 · CVE-2017-0204

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Outlook versions 2007 SP3 through 2016

Description

The issue is related to a security feature bypass in Microsoft Office software, specifically in Microsoft Outlook, where the software improperly handles the parsing of file formats. This can be exploited by a remote attacker using a specially crafted document to bypass the Office Protected View. The bypass by itself does not allow arbitrary code execution but can be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code. An attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software to exploit the vulnerability.

Recommendations

For Microsoft Outlook versions 2007 SP3 through 2016, consider avoiding the use of Office software to open specially crafted files until a patch is available. As a temporary workaround, restrict access to the Office Protected View feature to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2017-01025
CVE-2017-0204

Affected Products

Office
Outlook