CVE-2023-35311
Microsoft Outlook Security Feature Bypass Vulnerability
In short
Microsoft Outlook has a vulnerability that allows attackers to bypass security protections designed to block malicious content and suspicious attachments. This weakness could allow harmful emails or files to reach users who thought they were protected.
Technical detail
A time-of-check to time-of-use (TOCTOU) race condition (CWE-367) in Outlook's security validation mechanisms allows an attacker to circumvent attachment or content filtering by exploiting the window between the security check and execution. The vulnerability requires user interaction or specific timing conditions and can result in execution of malicious code or delivery of phishing content.
Summary generated and translated by AI from the official description.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Affected products
Microsoft · Microsoft 365 Apps for Enterprise
Microsoft · Microsoft Office 2019
Microsoft · Microsoft Office LTSC 2021
Microsoft · Microsoft Outlook 2013
Microsoft · Microsoft Outlook 2013 Service Pack 1
Microsoft · Microsoft Outlook 2016