CVE-2020-16949: Microsoft Outlook Denial of Service Vulnerability

Overview

Severity: Medium (CVSS 4.7)
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2020-Oct
Released: 2020-10-13
EPSS Score: 6.39% (percentile: 91.0%)

Description

A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.

FAQ

Is the Preview Pane an attack vector for this vulnerability?

Yes, the Preview Pane is an attack vector.

Affected Products (11)

Other

  • 11573
  • 11574
  • 11762
  • 11763
  • 10765
  • 10766
  • 10810
  • 10811
  • 10527
  • 10528
  • 10407

Security Updates (3)

Acknowledgments

Jesus Rodriguez Fonteboa (https://www.linkedin.com/in/jesus-rodriguez-fonteboa/)

Revision History

  • 2020-10-13: Information published.