According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires the victim to open a specially crafted file and click through Office Security Prompt(s). An attacker would have no way to force users to open the file., In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. Is the Attachment Preview Pane an attack vector for this vulnerability? Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. What kind of security feature could be bypassed by successfully exploiting this vulnerability? Successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View. Is Application Guard for Office affected by this vulnerability? No. Customers using Application Guard for Office are not affected.
Ben Lichtman