CVE-2022-35742: Microsoft Outlook Denial of Service Vulnerability
Overview
- Severity
- High (CVSS 7.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
- Category
- Denial of Service
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2022-Aug
- Released
- 2022-08-09
- Last Updated
- 2022-08-19
- EPSS Score
- 6.95% (percentile: 91.4%)
FAQ
How could an attacker exploit this vulnerability?
The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the email server. This could lead to a denial of service BEFORE the email is viewed in the Preview Pane.
Affected Products (11)
Microsoft Office
- Microsoft Office 2019 for 32-bit editions
- Microsoft Office 2019 for 64-bit editions
- Microsoft 365 Apps for Enterprise for 32-bit Systems
- Microsoft 365 Apps for Enterprise for 64-bit Systems
- Microsoft Office LTSC 2021 for 64-bit editions
- Microsoft Office LTSC 2021 for 32-bit editions
- Microsoft Outlook 2016 (32-bit edition)
- Microsoft Outlook 2016 (64-bit edition)
- Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
- Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
- Microsoft Outlook 2013 RT Service Pack 1
Security Updates (4)
Acknowledgments
insu of 78 Research Lab working with <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
Revision History
- 2022-08-09: Information published.
- 2022-08-19: Updated FAQ information. This is an informational change only.