CVE-2024-38173

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook (affected versions not specified)

Description: The issue is related to incorrect external control of a file name or path in Microsoft Outlook for Windows operating systems. Exploitation of this issue may allow an attacker to execute arbitrary code. It is described as a Form Injection Remote Code Execution (RCE) vulnerability. Researchers from Morphisec Threat Labs have identified this vulnerability, which is a zero-click vulnerability leveraging form injections.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.