CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2019-1200 – Microsoft Outlook Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1200
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. ... For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Outlook software. ... Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Microsoft Outlook handles files in memory. Existe una vulnerabilidad de ejecución de código remota en el programa Microsoft Outlook cuando no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1200 •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2019-1199 – Microsoft Outlook Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-1199
A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. ... Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. ... Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector. The security update addresses the vulnerability by correcting how Outlook handles objects in memory. Existe una vulnerabilidad de ejecución de código remota en Microsoft Outlook cuando el programa no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Outlook Memory Corruption Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1199 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 16EXPL: 0CVE-2019-1201 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1201
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. ... Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or other message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Word handles files in memory. For users who view their emails in Outlook, the Preview Pane attack vector can be mitigated by disabling this feature. The following registry keys can be set to disable the Preview Pane in Outlook on Windows, either via manual editing of the registry or by modifying Group Policy. Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. ... For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Outlook 2010: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2013: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Outlook 2016, Outlook 2019, and Office 365 ProPlus: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options DWORD: DisableReadingPane Value: 1 Existe una vulnerabilidad de ejecución de código remota en el programa Microsoft Word cuando no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Word Remote Code Execution Vulnerability". ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1201 •
CVSS: 9.3EPSS: 7%CPEs: 6EXPL: 1CVE-2018-8587
https://notcve.org/view.php?id=CVE-2018-8587
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Outlook cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". Esto afecta a Office 365 ProPlus, Microsoft Office y Microsoft Outlook. • https://github.com/Sunqiz/CVE-2018-8587-reproduction http://www.securityfocus.com/bid/106097 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8587 •
CVSS: 9.3EPSS: 25%CPEs: 6EXPL: 0CVE-2018-8522
https://notcve.org/view.php?id=CVE-2018-8522
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. ... Existe una vulnerabilidad de ejecución remota de código en el software de Microsoft Outlook cuando no gestiona correctamente objetos en la memoria. Esto también se conoce como "Microsoft Outlook Remote Code Execution Vulnerability". Esto afecta a Office 365 ProPlus, Microsoft Office y Microsoft Outlook. • http://www.securityfocus.com/bid/105820 http://www.securitytracker.com/id/1042110 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522 •