Microsoft Outlook Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Microsoft Outlook for Mac, specifically in the Legacy version. This issue allows an attacker to bypass Outlook's protections against certain file extensions, potentially leading to the execution of malicious code. The vulnerability is exploited locally, requiring user interaction, such as previewing an attached file in the attachment Preview Pane.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. Instructions for downloading this update are provided in the release notes linked in the Microsoft Security Update Guide.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.