CVE-2019-1204

Published: Aug 14, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. This update addresses the vulnerability by ensuring Office fully validates incoming email formatting before processing message content.

Vendor	Product	Versions
Microsoft	Microsoft Office 2019	affected `19.0.0 - < https://aka.ms/OfficeSecurityReleases`
Microsoft	Office 365 ProPlus	affected `16.0.0 - < publication`
Microsoft	Microsoft Outlook 2016	affected `16.0.0.0 - < publication`
Microsoft	Microsoft Outlook 2013 Service Pack 1	affected `15.0.0.0 - < publication`
Microsoft	Microsoft Outlook 2010 Service Pack 2	affected `13.0.0.0 - < publication`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1204

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-1204

Description

Affected Products

References