Endpoint Vulnerability

Microsoft Outlook Spoofing Vulnerability

Description

A spoofing vulnerability exists when Microsoft Outlook does not strictly adhere to RFC2046, and improperly identifies the end of a MIME attachment. An improper MIME attachment ending may cause antivirus or antispam scanning to not work as intended. To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing. The security update addresses the vulnerability by correcting how Outlook determines the end of MIME messages.

Affected Products

Microsoft Outlook 2007 Service Pack 3,Microsoft Outlook 2013 RT Service Pack 1,Microsoft Outlook 2010 Service Pack 2 (64-bit editions),Microsoft Outlook 2013 Service Pack 1 (32-bit editions),Microsoft Outlook 2013 Service Pack 1 (64-bit editions),Microsoft Outlook 2016 x86,Microsoft Outlook 2016 for Mac,Microsoft Outlook 2010 Service Pack 2 (32-bit editions),Microsoft Outlook 2016 x64

References

CVE-2016-3366,