Vulnerabilities > CVE-2018-0819 - Unspecified vulnerability in Microsoft Office 2016
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | MacOS X Local Security Checks |
NASL id | MACOS_MS18_JAN_OFFICE.NASL |
description | The Microsoft Office 2016 application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0792) - A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2018-0793) - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2018-0794) - A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. (CVE-2018-0819) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 106189 |
published | 2018-01-19 |
reporter | This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/106189 |
title | Security Update for Microsoft Office (January 2018) (macOS) |
The Hacker News
id | THN:ED087560040A02BCB1F68DE406A7F577 |
last seen | 2018-01-27 |
modified | 2018-01-11 |
published | 2018-01-09 |
reporter | Mohit Kumar |
source | https://thehackernews.com/2018/01/microsoft-security-patch.html |
title | Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day |
References
- http://www.securityfocus.com/bid/102464
- http://www.securityfocus.com/bid/102464
- http://www.securitytracker.com/id/1040153
- http://www.securitytracker.com/id/1040153
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819