Vulnerability Details : CVE-2017-8572
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
Vulnerability category: Information leak
Products affected by CVE-2017-8572
- cpe:2.3:a:microsoft:outlook:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8572
10.85%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8572
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2017-8572
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8572
-
http://www.securityfocus.com/bid/99453
Microsoft Office Outlook CVE-2017-8572 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039010
Microsoft Office Outlook Object Memory Handling Flaw Lets Remote Users Obtain Potentially Sensitive Information from Memory on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8572
CVE-2017-8572 | Microsoft Outlook Information Disclosure VulnerabilityPatch;Vendor Advisory
Jump to