PT-2025-1193 · Microsoft · Outlook+2
D4M0N
Published 2025-01-14 · Updated 2026-03-10
CVE-2025-21298
CVSS v3.1: 9.8 Critical (the vector below scores 9.8 under v3.1; 10.0 would require a changed scope, S:C)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
The vulnerable code is in ole32.dll, part of Windows Object Linking and Embedding (OLE), so the affected products are Windows and Windows Server releases that have not received the Microsoft security update of 2025-01-14. Microsoft Outlook is the exposure path: any Outlook version running on an unpatched Windows host can trigger the bug when it renders an RTF message body or attachment.
Description
CVE-2025-21298 is a zero-click remote code execution (RCE) vulnerability in Windows OLE, reached through Microsoft Outlook. The defect is a memory-corruption bug classified as a use-after-free in the UtOlePresStmToContentsStm function of ole32.dll, the routine that converts the presentation stream of an embedded OLE object into its contents stream when an RTF document carrying OLE objects is processed. An attacker sends a specially crafted RTF email or attachment; when Outlook renders it, including in the Preview Pane, ole32.dll parses the malformed object and arbitrary code runs with the privileges of the logged-in user, with no click or other user interaction required. Microsoft rates the flaw Critical (network vector, no privileges, no user interaction, full impact on confidentiality, integrity and availability); the number of exposed hosts is not quantified in this entry.
Recommendations
The fix is the Windows security update of 2025-01-14, which replaces the vulnerable ole32.dll; updating Outlook alone does not patch the library. Until the update is deployed everywhere, consider the following mitigations:
- Configure Outlook to read all standard mail in plain text, so RTF bodies are not rendered and embedded OLE objects are never loaded by the reading pane
- Block or quarantine RTF attachments from untrusted senders at the mail gateway (this does not cover RTF-formatted message bodies, which the plain-text setting addresses)
- Use endpoint protection and SIEM detections for RTF content that carries embedded OLE objects and for anomalous child processes of OUTLOOK.EXE
- Limit network exposure of hosts that cannot yet be patched
- Educate users not to open suspicious attachments, while noting that this is secondary: rendering in the Preview Pane is enough to trigger the bug, so patching and the plain-text setting are what actually close the exposure.
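The Outlook-side mitigations above, as an added PowerShell example that is not part of this advisory and not Microsoft tooling. It sets and verifies ReadAsPlain, adds .rtf to the Level 1 blocked-attachment list, and compares the installed ole32.dll file version against a fixed build that the caller supplies from the KB article for the host's Windows release. Assumptions: Office registry hive 16.0 (Outlook 2016/2019/2021/Microsoft 365; change $OfficeVersion otherwise) and execution in the affected user's session, since the settings live under HKCU. Function names are this example's own.

```powershell
# Added example, not part of the advisory and not Microsoft tooling: apply and verify the
# Outlook-side mitigations from PowerShell. Assumptions: Office registry hive 16.0
# (Outlook 2016/2019/2021/Microsoft 365; change $OfficeVersion otherwise) and execution
# in the affected user's session, since the settings live under HKCU.
param([string]$OfficeVersion = '16.0')

$userKey     = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
$policyKey   = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
$securityKey = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Security"

function Set-OutlookReadAsPlain {
    # ReadAsPlain = 1 is Outlook's "Read all standard mail in plain text" option, the
    # reading-pane workaround for this CVE: the RTF body is not rendered, so the embedded
    # OLE object is never handed to ole32.dll by the Preview Pane.
    param([string]$Key = $userKey)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name ReadAsPlain -Value 1 -Type DWord
}

function Get-OutlookReadAsPlainState {
    # A value in the Policies hive (written by Group Policy) wins over the user's own
    # setting, so report both and the effective result.
    $policy = (Get-ItemProperty -Path $policyKey -Name ReadAsPlain -ErrorAction SilentlyContinue).ReadAsPlain
    $user   = (Get-ItemProperty -Path $userKey   -Name ReadAsPlain -ErrorAction SilentlyContinue).ReadAsPlain
    $effective = if ($null -ne $policy) { $policy } else { $user }
    [pscustomobject]@{ PolicyValue = $policy; UserValue = $user; Mitigated = ($effective -eq 1) }
}

function Add-OutlookLevel1Extension {
    # Level1Add extends Outlook's Level 1 (blocked) attachment list. This only covers .rtf
    # attachments; an RTF-formatted message body is what ReadAsPlain takes care of.
    param([string]$Extension = '.rtf')
    if (-not (Test-Path $securityKey)) { New-Item -Path $securityKey -Force | Out-Null }
    $current = (Get-ItemProperty -Path $securityKey -Name Level1Add -ErrorAction SilentlyContinue).Level1Add
    $list = @($current -split ';' | Where-Object { $_ })
    if ($list -notcontains $Extension) { $list += $Extension }
    Set-ItemProperty -Path $securityKey -Name Level1Add -Value ($list -join ';') -Type String
}

function Test-Ole32Patched {
    # The real fix is the Windows update that replaces ole32.dll. Compare the installed
    # file version with the fixed build listed in the KB article for this host's Windows
    # release; the caller supplies that number, nothing here hard-codes it.
    param([Parameter(Mandatory)][version]$FixedVersion)
    $vi = (Get-Item (Join-Path $env:SystemRoot 'System32\ole32.dll')).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{ Installed = $installed; Fixed = $FixedVersion; Patched = ($installed -ge $FixedVersion) }
}

Set-OutlookReadAsPlain
Add-OutlookLevel1Extension
Get-OutlookReadAsPlainState | Format-List
```

Run Test-Ole32Patched with the ole32.dll version from the January 2025 KB for the host's build to confirm the update actually landed; the registry mitigations are a stopgap and can be rolled back (ReadAsPlain = 0, remove .rtf from Level1Add) once the whole fleet is patched.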
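A detection helper for the "RTF with embedded OLE objects" input described above and for the SIEM bullet, as an added PowerShell example that is not code from the advisory. It locates every {\object ...} group in an RTF body, decodes the OLE1 ObjectHeader at the start of \objdata (OLEVersion, FormatID, length-prefixed ClassName) and flags a header whose declared length runs past the data or whose class name disagrees with \objclass. The RTF sample is constructed for the example and is not an exploit; the scanner is a triage heuristic, not a full RTF parser, and it does not fingerprint the specific stream layout any exploit uses.

```powershell
# Added example, not code from the advisory: triage RTF content for embedded OLE objects,
# the input that reaches ole32.dll when Outlook renders a message. Heuristic only.

function ConvertFrom-Ole1Header {
    # OLE1 ObjectHeader: OLEVersion (4 bytes), FormatID (4 bytes; 1 = linked, 2 = embedded),
    # ClassName as a 4-byte length followed by a NUL-terminated ANSI string.
    param([string]$Hex)
    $out = [pscustomobject]@{ Version = $null; FormatId = $null; ClassName = $null; Malformed = $false }
    if ($Hex.Length -lt 24 -or ($Hex.Length % 2) -ne 0) { $out.Malformed = $true; return $out }
    $bytes = [byte[]]::new([int]($Hex.Length / 2))
    for ($k = 0; $k -lt $bytes.Length; $k++) {
        $bytes[$k] = [Convert]::ToByte($Hex.Substring(2 * $k, 2), 16)
    }
    $out.Version  = [BitConverter]::ToUInt32($bytes, 0)
    $out.FormatId = [BitConverter]::ToUInt32($bytes, 4)
    $nameLen      = [BitConverter]::ToUInt32($bytes, 8)
    # A ClassName length that runs past the available data is itself a sign of a crafted
    # stream, so report it instead of throwing.
    if ($nameLen -gt ($bytes.Length - 12)) { $out.Malformed = $true; return $out }
    $out.ClassName = [Text.Encoding]::ASCII.GetString($bytes, 12, [int]$nameLen).TrimEnd([char]0)
    return $out
}

function Get-RtfEmbeddedOle {
    param([Parameter(Mandatory)][string]$RtfText)
    $results = @()
    $pos = 0
    while (($start = $RtfText.IndexOf('{\object', $pos)) -ge 0) {
        # Walk braces to the end of this group, skipping RTF escapes such as \{ \} \\
        $depth = 0
        $i = $start
        while ($i -lt $RtfText.Length) {
            $c = $RtfText[$i]
            if ($c -eq '\') { $i += 2; continue }
            if ($c -eq '{') { $depth++ }
            elseif ($c -eq '}') { $depth--; if ($depth -eq 0) { break } }
            $i++
        }
        $end   = [Math]::Min($i + 1, $RtfText.Length)
        $group = $RtfText.Substring($start, $end - $start)
        $pos   = $start + 1

        # \objclass names the class Outlook will ask OLE to instantiate; \objdata holds the
        # hex-encoded OLE1 stream that ole32.dll parses.
        $declaredClass = if ($group -match '\\objclass\s+([^\\{}]+)') { $Matches[1].Trim() } else { $null }
        $hex = if ($group -match '\\objdata\s*([0-9A-Fa-f\s]+)') { $Matches[1] -replace '\s', '' } else { '' }
        $header = ConvertFrom-Ole1Header -Hex $hex

        $results += [pscustomobject]@{
            Offset        = $start
            DeclaredClass = $declaredClass
            HeaderClass   = $header.ClassName
            FormatId      = $header.FormatId
            DataBytes     = [int]($hex.Length / 2)
            Suspicious    = $header.Malformed -or ($declaredClass -and $header.ClassName -and $declaredClass -ne $header.ClassName)
        }
    }
    return $results
}

# Constructed sample (not an exploit): an RTF body with one embedded "Package" object whose
# \objdata is a well-formed OLE1 header for class "Package" plus 4 bytes of native data.
$sampleRtf = @'
{\rtf1\ansi\deff0
{\fonttbl{\f0 Calibri;}}
\f0\fs22 Quarterly report, see embedded file.\par
{\object\objemb\objw2000\objh1000{\*\objclass Package}{\*\objdata
0105000002000000080000005061636B61676500000000000000000004000000DEADBEEF}
{\result{\pict\wmetafile8\picw2000\pich1000 0100090000}}}
\par
}
'@

Get-RtfEmbeddedOle -RtfText $sampleRtf |
    Format-Table Offset, DeclaredClass, HeaderClass, FormatId, DataBytes, Suspicious
```

Every embedded object is reported, not only suspicious ones, because an object of any class arriving from an untrusted sender is worth a look while the patch is pending; Suspicious is set only when the header is truncated, its class length overruns the data, or the header's class disagrees with \objclass. To run it over mail, feed the function the RTF body or attachment text extracted by your gateway or MIME tooling.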
Exploit · Fix · RCE · Use After Free
Weakness Enumeration
CWE-416 Use After Free
Related Identifiers
Affected Products
Outlook
Windows
Windows Object Linking/Embedding