CNVD-2021-25015

Vulnerability from cnvd - Published: 2021-04-06
VLAI Severity ?
Title
Microsoft Outlook安全功能绕过漏洞(CNVD-2021-25015)
Description
Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook中存在安全功能绕过漏洞,该漏洞源于程序未执行系统上配置的安全设置,攻击者可借助特制的图像利用该漏洞导致系统加载远程图像并获取目标系统的IP地址。
Severity
Patch Name
Microsoft Outlook安全功能绕过漏洞(CNVD-2021-25015)的补丁
Patch Description
Microsoft Outlook是美国微软(Microsoft)公司的一套电子邮件应用程序。 Microsoft Outlook中存在安全功能绕过漏洞,该漏洞源于程序未执行系统上配置的安全设置,攻击者可借助特制的图像利用该漏洞导致系统加载远程图像并获取目标系统的IP地址。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已提供漏洞修补方案,请关注厂商主页及时更新: https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2020-1229

Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-1229
Impacted products
Name
['Microsoft Word 2010 SP2', 'Microsoft Office 2010 SP2', 'Microsoft Office 2013 SP1', 'Microsoft Word 2013 SP1', 'Microsoft Word 2013 RT SP1', 'Microsoft Office 2016', 'Microsoft Word 2016', 'Microsoft Office 2016 for Mac', 'Microsoft Office 2019', 'Microsoft Office 2019 for Mac', 'Microsoft Office 2013 RT SP1', 'Microsoft 365 Apps for Enterprise']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1229"
    }
  },
  "description": "Microsoft Outlook\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002 \n\nMicrosoft Outlook\u4e2d\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6267\u884c\u7cfb\u7edf\u4e0a\u914d\u7f6e\u7684\u5b89\u5168\u8bbe\u7f6e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u52a0\u8f7d\u8fdc\u7a0b\u56fe\u50cf\u5e76\u83b7\u53d6\u76ee\u6807\u7cfb\u7edf\u7684IP\u5730\u5740\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2020-1229",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-25015",
  "openTime": "2021-04-06",
  "patchDescription": "Microsoft Outlook\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002 \r\n\r\nMicrosoft Outlook\u4e2d\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u6267\u884c\u7cfb\u7edf\u4e0a\u914d\u7f6e\u7684\u5b89\u5168\u8bbe\u7f6e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u56fe\u50cf\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u52a0\u8f7d\u8fdc\u7a0b\u56fe\u50cf\u5e76\u83b7\u53d6\u76ee\u6807\u7cfb\u7edf\u7684IP\u5730\u5740\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Outlook\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2021-25015\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Word 2010 SP2",
      "Microsoft Office 2010 SP2",
      "Microsoft Office 2013 SP1",
      "Microsoft Word 2013 SP1",
      "Microsoft Word 2013 RT SP1",
      "Microsoft Office 2016",
      "Microsoft Word 2016",
      "Microsoft Office 2016 for Mac",
      "Microsoft Office 2019",
      "Microsoft Office 2019 for Mac",
      "Microsoft Office 2013 RT SP1",
      "Microsoft 365 Apps for Enterprise"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1229",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-10",
  "title": "Microsoft Outlook\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2021-25015\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.