CVE-2021-31949 Microsoft Outlook Remote Code Execution Vulnerability

2021-06-0822:46:21

microsoft

www.cve.org

microsoft outlook

remote code execution

vulnerability

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C

AI Score

7.5

Confidence

High

EPSS

0.01

Percentile

83.5%

JSON

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Office 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "19.0.0",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft 365 Apps for Enterprise",
    "cpes": [
      "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.1",
        "lessThan": "https://aka.ms/OfficeSecurityReleases",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Outlook 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x86:*:*",
      "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x64:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0.0",
        "lessThan": "16.0.5356.1000.",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Outlook 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:x86:*:*",
      "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:x64:*",
      "cpe:2.3:a:microsoft:outlook:2013:*:*:*:rt:*:*:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0.0",
        "lessThan": "15.0.5475.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]