CVE 2018-0950 is the name given to the information disclosure vulnerability of Outlook for which Microsoft released a vulnerability patch this month. This release came almost after 18 months of receiving the report disclosing the bug. It was Will Dormann who discovered this vulnerability in 2016. He is a software vulnerability analyst with Carnegie Mellon Software Engineering Institute’s CERT Coordination Center (CERT/CC) since 2004. This vulnerability can result in the disclosure of sensitive information to a malicious site. Thus, Microsoft Outlook users need to be aware of this vulnerability and its safeguards. Threat Analysis of ‘important’ leak bug and its impact As discovered by Dormann, the CVE2018-0950 flaw affects Microsoft Outlook software, when it renders Rich Text Format (RTF) email messages containing remotely hosted OLE objects hosted on SMB (Server Message Block) server (under the control of attackers). However, other Microsoft applications such as Word, Excel and…
Read more
Filed under Web Hosting News by on .