Lucene search
KdotZDI-20-1422HistoryDec 11, 2020 - 12:00 a.m.
Microsoft Outlook MSG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2020-12-1100:00:00
kdot
www.zerodayinitiative.com
17
0.801 High
EPSS
Percentile
98.3%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MSG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Related
cve
cve
CVE-2020-17119
2020-12-10 00:15:14
nvd
nvd
CVE-2020-17119
2020-12-10 00:15:14
nessus
nessus
Security Updates for Outlook (December 2020)
2020-12-08 00:00:00
Security Updates for Microsoft Office (December 2020) (macOS)
2021-01-25 00:00:00
mskb
mskb
Description of the security update for Outlook 2013: December 8, 2020
2020-12-08 08:00:00
Description of the security update for Outlook 2010: December 8, 2020
2020-12-08 08:00:00
Description of the security update for Outlook 2016: December 8, 2020
2020-12-08 08:00:00
openvas
openvas
prion
prion
Information disclosure
2020-12-10 00:15:00
cvelist
cvelist
CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
2020-12-09 23:36:44
mscve
mscve
Microsoft Outlook Information Disclosure Vulnerability
2020-12-08 08:00:00
kaspersky
kaspersky
KLA12023 Multiple vulnerabilities in Microsoft Office
2020-12-08 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2020
2020-12-08 21:36:27