PT-2021-4665 — Remote Code Execution in Microsoft Outlook

PT-2021-4665 · Microsoft · Outlook

Published

2021-04-14

Updated

2021-04-14

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Outlook (affected versions not specified)

Description The issue is related to insufficient address validation in the headers of the Address Book component in Microsoft Outlook. This can be exploited by a remote attacker to conduct spoofing attacks using external similar IDN domains.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-345

Related Identifiers

BDU:2021-05358

Affected Products

Outlook

PT-2021-4665 · Microsoft · Outlook

Weakness Enumeration

Related Identifiers

Affected Products

References · 3