MNDT-2022-0004
Microsoft Outlook for MacOS contains a Security Feature Bypass Vulnerability prior to version 16.57.
Impact
Low - Exploiting the vulnerability will give target’s IP.
Exploitability
High - Anyone can exploit the vulnerability and an exploit is trivial to produce.
CVE Reference
CVE-2022-23280
Common Weakness Enumeration
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Common Vulnerability Scoring System
Base Score: 5.3 - Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Technical Details
This Outlook bug could allow images to appear in the Preview Pane automatically, even if this option is disabled. On its own, exploiting this will only expose the target’s IP information. However, it’s possible a second bug affecting image rendering could be paired with this bug to allow remote code execution.
It is possible to bypass the security feature that prevents the Preview Pane from automatically downloading images if an email contains the HTML tag <bgsound>. This affects, that other HTML tags that rely on external sources will be downloaded without any warnings.
Resolution
The issue was fixed in version 16.57. Update to this version to address the vulnerability.
Discovery Credits
- Ronnie Salomonsen, Mandiant
Disclosure Timeline
- 7-Dec-2021 - Issue reported to Microsoft
- 5-Jan-2022 - Issue confirmed by Microsoft and a fix scheduled for February 8, 2022.
- 8-Feb-2022 - Patched version released by Microsoft