Outlook iOS Spoofing Vulnerability
CVE-2019-1218

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Outlook For iOS
Vendor: CVE Published:; 14 August 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages.

Affected Version(s)

Outlook for iOS Unknown 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-1218
Created by d0gukank

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Oct 9, 2019
👾
Exploit known to exist
Oct 9, 2019
Vulnerability published
Aug 14, 2019
Vulnerability Reserved
Nov 26, 2018

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)