CVE-2018-0852

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions 2007 SP3 through 2016 Microsoft Office 2016 Click-to-Run (C2R)

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. The vulnerability exists due to how the software handles objects in memory. If successfully exploited, an attacker could run arbitrary code in the context of the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file with an affected version of the software.

Recommendations For Microsoft Outlook versions 2007 SP3 through 2016, update to a version that includes the fix for this issue. For Microsoft Office 2016 Click-to-Run (C2R), update to a version that includes the fix for this issue. As a temporary workaround, consider avoiding the use of affected Microsoft Outlook software to open files from untrusted sources until a patch is available.