SMTP: Microsoft Office Outlook CVE-2018-8161 Use After Free
This signature detects attempt to exploit an use-after-free vulnerability which has been reported in Microsoft Office Outlook. A remote attacker could exploit this vulnerability by sending an email that contains crafted HTML. Successful exploitation could result in the execution of arbitrary code in the context of the application.
Extended Description
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
Affected Products
Microsoft office
Short Name
SMTP:MS-OFFICE-UAF
Severity
Major
Recommended
True
Recommended Action
None
Category
SMTP
Keywords
After CVE-2018-8161 Free Microsoft Office Outlook Use bid:104052
Release Date
07/23/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3