CVE-2019-1218

EPSS 8.98%
Published 14.08.2019 21:15:18
Last modified 21.11.2024 04:36:15
Source secure@microsoft.com
Teams watchlist Login
Open Login

A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Outlook Version- SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.98%	0.918

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1218

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1218

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1218

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1218

EUVD