CVE-2019-1105

EPSS 0.53%
Veröffentlicht 29.07.2019 14:15:11
Zuletzt bearbeitet 20.05.2025 18:15:43
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Outlook SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.53%	0.645

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105

Patch

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105

https://nvd.nist.gov/vuln/detail/CVE-2019-1105

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1105

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1105

EUVD