Security News > 2019 > June > Microsoft Outlook for Android Open to XSS Attacks

2019-06-21 19:50
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
News URL
https://threatpost.com/microsoft-outlook-android-xss/145924/
Related news
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Microsoft says button to restore classic Outlook is broken (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-29 | CVE-2019-1105 | Cross-site Scripting vulnerability in Microsoft Outlook A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. | 5.4 |