Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

MNDT-2022-0004

Microsoft Outlook for MacOS contains a Security Feature Bypass Vulnerability prior to version 16.57.

Impact

Low - Exploiting the vulnerability will give target’s IP.

Exploitability

High - Anyone can exploit the vulnerability and an exploit is trivial to produce.

CVE Reference

CVE-2022-23280

Common Weakness Enumeration

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Common Vulnerability Scoring System

Base Score: 5.3 - Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Technical Details

This Outlook bug could allow images to appear in the Preview Pane automatically, even if this option is disabled. On its own, exploiting this will only expose the target’s IP information. However, it’s possible a second bug affecting image rendering could be paired with this bug to allow remote code execution.

It is possible to bypass the security feature that prevents the Preview Pane from automatically downloading images if an email contains the HTML tag <bgsound>. This affects, that other HTML tags that rely on external sources will be downloaded without any warnings.

Resolution

The issue was fixed in version 16.57. Update to this version to address the vulnerability.

Discovery Credits

  • Ronnie Salomonsen, Mandiant

Disclosure Timeline

  • 7-Dec-2021 - Issue reported to Microsoft
  • 5-Jan-2022 - Issue confirmed by Microsoft and a fix scheduled for February 8, 2022.
  • 8-Feb-2022 - Patched version released by Microsoft

References