CVE-2023-35619: Microsoft Outlook for Mac Spoofing Vulnerability

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Dec

Released

2023-12-12

EPSS Score

1.36% (percentile: 80.1%)

FAQ

What is the nature of the spoofing? An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user. According to the CVSS metric, Integrity (I:L) is Low. What does that mean for this vulnerability? The attacker who successfully exploits the vulnerability could inject CSS (Cascading Style Sheets) into an email, which is rendered at the victim’s side when they view the email.

Affected Products (1)

Microsoft Office

• Microsoft Office LTSC for Mac 2021

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://www.linkedin.com/in/rme-infosec/">Ryan Emmons</a> with <a href="https://convergetp.com/cybersecurity/">Converge Technology Solutions</a>

Revision History

• 2023-12-12: Information published.