PT-2018-2112 · Microsoft · Office 365 Proplus+2

Yonghui Han · Published 2018-12-11 · Updated 2020-08-24 · CVE-2018-8587

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Outlook versions prior to the fixed version
Office 365 ProPlus (affected versions not specified)
Microsoft Office (affected versions not specified)

Description

The issue is related to errors in the mechanisms for handling objects in memory. Exploitation of this issue may allow an attacker to execute arbitrary code with the privileges of the current user using specially crafted content. To exploit the issue, a user must open a specially crafted file with an affected version of Microsoft Outlook software. The Preview Pane is not an attack vector for this issue.

Recommendations

For Microsoft Outlook, update to a version that includes the fix for this issue. For Office 365 ProPlus, apply the recommended configuration changes to minimize the risk of exploitation. For Microsoft Office, consider restricting access to specially crafted files until a patch is available. As a temporary workaround, consider disabling the handling of specially crafted files in Microsoft Outlook until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2019-00063
CVE-2018-8587

Affected Products

Office
Outlook
Office 365 Proplus