Vulnerability Details : CVE-2017-8571
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
Vulnerability category: Input validation
Products affected by CVE-2017-8571
- cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8571
11.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8571
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-8571
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8571
-
http://www.securitytracker.com/id/1039012
Microsoft Office Outlook File Processing Flaw Lets Remote Users Execute Arbitrary Commands - SecurityTrackerThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8571
CVE-2017-8571 | Microsoft Office Security Feature Bypass VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/99452
Microsoft Office Outlook CVE-2017-8571 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to