CVE-2019-1204

MEDIUM

Microsoft Office and Outlook - Elevation of Privilege via Malformed Email Message Processing

Description

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. This update addresses the vulnerability by ensuring Office fully validates incoming email formatting before processing message content.

Scores

CVSS v3: 4.3
EPSS: 0.0442
EPSS Percentile: 90.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE: CWE-20
Status: published
Products (5):
  microsoft/office 2019
  microsoft/office_365_proplus
  microsoft/outlook 2010 sp2
  microsoft/outlook 2013 sp1 (2 CPE variants)
  microsoft/outlook 2016
Published: Aug 14, 2019
Tracked Since: Feb 18, 2026